Survey: Combination of User Name, Password Rule, But Digital Certificates Seen for Authenticating Remote Access

According to a survey by market research institute DT&P international, which was commissioned by TC TrustCenter GmbH, the combination of user name and password remains the most commonly used authentication method (99% of respondents authenticate in this way) for remote access among European firms surveyed.

In the background, Public Key Infrastructure (PKI), in the form of digital certificates, is making headway, showing real momentum as a means of granting remote access. In fact, 77% of those surveyed use PKI as a preferred method for remote access security in addition to user name and password.

The survey, conducted in August 2009 and obtained this week by Security Magazine Blog, focuses on the handling of remote access security by European companies of over 500 employees. Respondents included organizations from IT services, consulting, insurance and utilities industries.

The survey highlights that businesses see high levels of security as a necessity when accessing data remotely. Other selection criteria that were depicted through the survey results as being essential to remote access security include low administrative overheads, access locking capabilities and reasonably low training requirements. On demand certificate management services users have been able to benefit from these functions as well as the ability to quickly and safely replace lost, defective or forgotten access tokens.

Although high levels of security were shown in the survey to be a primary concern, surprisingly, the majority of respondents reported that their businesses did not currently use strong access keys such as hardware tokens and Trusted Platform Modules (TPM). Instead, medium security methods such as digital keys and certificates proved more popular. Only 24% of respondents are currently using hardware tokens, and only 25% use TPM devices, which are essentially crypto chips in a laptop that work like integrated smart card devices.

“The survey has shown that digital trust applications have come of age and are commonly used by businesses,” said John Adams, CTO at ChosenSecurity. “The universal nature and the advanced integration of PKI systems with identity management systems, alongside the easy handling that comes with it, is clearly indicated by the results of the survey.”