Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.

About the Authors:
Howard Smith
Managing Director
Howard Smith has nearly three decades of experience at First Analysis, working with entrepreneurs as an investor and as an advisor on growth transactions to help build leading technology businesses. He leads the firm’s work in the Internet of Things, cybersecurity and internet infrastructure sectors. He also built the firm's historical franchises in call centers and computer telephony. His thought-leading research in these areas has been cited for excellence by the Wall Street Journal and other publications. He supports First Analysis' investments in EdgeIQ, Fortress Information Security, ObservIQ, Tracer and VisiQuate. Prior to joining First Analysis in 1994, he was a senior tax consultant with Arthur Andersen & Co. He earned an MBA with honors from the University of Chicago and a bachelor’s degree in accounting with highest honors from the University of Illinois at Urbana-Champaign. He is a certified public accountant.
Liam Moran
Senior Analyst
Liam Moran is a senior analyst with First Analysis. Prior to joining First Analysis in 2020, he was in the executive development program with Macy's, where he was responsible for managing the financial modeling surrounding Macy's $3 billion asset-based loan, capital project valuations, and corporate forecasting. Liam graduated from Kenyon College with a bachelor’s degree in economics and a concentration in integrated program in humane studies. He was a four-year member of the Kenyon varsity swimming team.
First Analysis Cybersecurity Team
Howard Smith
Managing Director
Matthew Nicklin
Managing Director
Liam Moran
Senior Analyst
First Analysis Quarterly Insights
Authentication tech: Secure or user friendly? Increasingly both
January 13, 2023
  • The weakness of password-only authentication for access to protected data is well known. Multifactor authentication (MFA) is a long-established way to address this weakness, but it wasn’t practical to deploy widely until the advent of cell phones and SMS for delivering second authentication factors. With nearly everyone owning a mobile phone today, MFA has become a familiar, regular, and highly trusted experience for most internet users.
  • As MFA has become more prevalent, bad actors have directed their attention to defeating it and have developed relatively simple ways to compromise basic MFA. Organizations can respond by implementing enhancements that cost more and require more user effort, but there’s no one-size-fits-all solution. The key is finding the right balance between the value of the data being protected and the cost and user effort associated with different security levels.
  • We discuss the evolution of MFA, its vulnerabilities, and some of the ways basic MFA can be enhanced to address those vulnerabilities. We also provide a brief survey of prominent MFA solution providers.


Includes discussion of CYBR, MSFT, OKTA, OSPN and two private companies

Beyond the simple password

Digital MFA defined and brief history

Basic MFA can be defeated

Finding the right balance between MFA security level, risk, and resources

No rest for the MFA fatigued

Cybersecurity index ends near lowest level in a year

Cybersecurity M&A: Notable transactions include ForgeRock, Cider Security

Cybersecurity private placements: Noteworthy transactions include Snyk, NetSPI

Beyond the simple password

Most everyone is aware of the ease of using simple usernames and passwords to access accounts on computers and phones and the attraction of using the same ones everywhere and having them remembered by all their devices for all their accounts. Most everyone is also aware of the risks of doing so. Of course, account administrators try to reduce these risks by demanding users regularly change and use ever more complex and unique passwords, much to the frustration of users. In the face of these challenges, digital multifactor authentication (MFA) has seen increased adoption because it provides a path to the holy grail of authentication - better security and ease of use. But MFA is not a silver bullet. Bad actors have developed novel attack techniques to compromise MFA. Ultimately, the increasing complexity of securely authenticating online access means there's no one-size-fits-all solution. Rather, it's more important than ever to use thoughtful approaches that take into account dynamic risk measures as well as the IT sophistication and capabilities an organization can bring to bear on its authentication needs. Thankfully, there are solutions that cater to all types of profiles, and the range of solutions is increasing with innovative offerings that enhance basic MFA. We think this innovation will spur increased spending in the category.

To access the full report, please provide your contact information in the form below. A First Analysis representative will follow up with you shortly. Thanks for your interest in First Analysis research.
First Name required!
Last Name required!
Email required!
Industry required!
Unfortunately, your request to access the complete report has failed.

Please check the contact information you have entered.

If the form submission failure persists, please contact Person at (xxx) xxx-xxxx to handle your request. Thank you.
©2024 by First Analysis Corporation.
One South Wacker Drive
Suite 3900
Chicago, IL 60606