According to Google engineer Grzegorz Milka, less than 10 percent of active Google accounts use MFA. Why?
People know they need to do it, but nobody has held their hand through the process of selecting an appropriate solution. There’s RSA. There’s Duo. There’s Yubikey. There are dozens of other options. But which one is most appropriate for your company’s unique workflows? It depends. Do you have any air-gapped networks? Do you want the solution to be on-prem or cloud-based? Should it fail open or fail closed? Hardware or software tokens? What’s the cost model?
We believe adoption rates are low because people haven’t had these scoping conversations. It can be tricky, but it’s certainly not rocket science. If you just put the time into MFA, you could almost, just about kiss account compromises goodbye.
Google says: “Using 2FA is one of the top three things that security experts do to protect their security online.”