The United States Hardware OTP Token Authentication Market is expected to register a CAGR of 6.2 % during the forecast period between 2021 - 2026. The United States is the largest contributor to breach activity with 2,330 breaches reported, with the United Kingdom positioned 2nd, far behind with reported 184 breach reports. The number of breaches, 2,330, in the United States, led to total exposed records of 2,317,065. This led to personal information being compromised. With such a cyberattack, the adoption of hardware OTP token is highly required in the country.
- Increasing investments from the Banking and Finance Industry drives the market. As of 2018, at least 28 financial services companies out of all companies present in Fortune's Global 500 listing have decided to locate their office headquarters in the United States to take advantage of its creative, competitive, and comprehensive financial services sector. Further, with increasing expansion, the increasing cyberattack is highly expected.
- Instances such as, in March 2019, a hacker gained access to Capital One credit card applications for consumers and small businesses. Capital One detected the breach in July. According to the bank, about 140,000 social security numbers and 80,000 linked bank account numbers were exposed in the United States. According to Duo Security, 19% of government agencies use hardware authentication tokens and 5% of the banks. To address such issues and prevent it from the data breach, the demand for hardware OTP token authentication will increase further in the forecasted period.
- A growing number of identity threats are driving the market. The Consumer Sentinel Network (which is maintained by the Federal Trade Commission (FTC)) tracks consumer fraud activities and identity theft complaints filed with federal, state, and local law enforcement agencies and private organizations. Out of the 3.2 million identity theft and fraud reports received in 2019, 1.7 million were fraud-related, about 900,000 were other consumer complaints, and about 651,000 were identity theft complaints. These instances highly provide a necessity for the adoption of hardware authentication in the country.
- However, legacy hardware-based two-factor solutions are wretchedly inadequate and expensive for the mass scale deployments necessary for many of today’s online consumers, employees, and partner-focused applications and web portals. Further, currently, software OTP, SMS, email, biometrics, etc., are available substitutes to hardware OTP tokens, which caters to the challenge for market growth.
- Further, before COVID-19, cybersecurity was already a major concern for governments, businesses, and individuals. Now, the threat of a major data breach is greater than ever during the pandemic. Passwords are one of the most vulnerable targets of attacks. Compromised credentials are responsible for over 80% of all breaches, according to the 2019 Verizon Breach Investigations Report. The government is more focused on passwordless authentication during the pandemic and after the pandemic. This significantly challenges the market growth in pandemic and after the pandemic.
Key Market Trends
BFSI to Witness Significant Growth
- The banking, financial services, and insurance (BFSI) industry is one of the largest markets for hardware OTP token authentication globally and in the United States. Several revised laws mandate the usage of two factor and multi-factor authentication for BFSI transactions.
- Several organizations and governing bodies, such as Federal Financial Institutions Examination Council (FFIEC), New York State Department of Financial Services (NYDFS), and the Cybersecurity Regulation and National Association Of Insurance Commissioners (NAIC) have mandated the usage of multifactor authentication (MFA) to protect access to sensitive data for financial institutions, insurers, banks, and many other organizations.
- Initially, several BFSI players preferred hardware tokens for MFA. But the advent of smartphones is increasingly replacing this technology over time. Several banks and financial organizations have moving on to the mobile platforms. These reasons have been restraining the market growth.
- There is also a new class of hardware token devices seen in the market, called hybrid solutions. These solutions offer both contactless and connected experiences in a single piece of hardware and are drawing considerable attention from several BFSI vendors in the market.
- Moreover, the BFSI sector is also experiencing an increase in cloud workloads, where a significant amount of data is moved to the cloud. Further, the rising integration of the third party, such as mobile wallets, coupled with complex security infrastructure where many vendors are deployed around the ecosystem, is creating a significant security challenge in the sector.
- Thus, BFSI enterprises should adopt zero trust security model that will require strict identity verification for every user and device trying to access resources which have to be enforced with multi-factor authentication (MFA) that will ensure that security is met by insisting on more than one piece of evidence to authenticate a user.
Enterprise Security Holds a Significant Market Share
- According to the White House Council of Economic Advisers, the US economy loses approximately USD 57 billion to USD 109 billion per year to harmful cyber activity. Only 26% of companies use multi-factor authentication in the US.
- The number of attacks has grown exponentially, and a majority of enterprises in the country lack the resources to scale their security initiatives to provide adequate DDoS protection. The threat of DDoS is also driven by access to easy-to-use tools and by a broader criminal understanding of its profit potential through extortion. These attacks that directly target individuals and business systems could potentially lead to substantial financial losses.
- According to Akamai Technologies, in the United States, from November 2017 to April 2018, the highest percent of DDoS attack traffic was 30% comparing with other countries.
- Further, SSH (Secure Shell) provides a range of advanced security features, but it is still vulnerable to brute force attacks trying large numbers of passphrases until they get to hit upon the right one. One way for countering is passwordless login using cryptographic keys, but these are normally stored on a local drive or in the cloud, which makes them vulnerable to misuse and creates some management overhead.
- In February 2020, OpenSSH version 8.2 was out, and the future trend is that the world’s most popular remote management software now supports authentication using any FIDO (Fast Identity Online) U2F hardware token. This secure alternative is to put them on a USB or NFC hardware token, such as a YubiKey that ties a generated private key to that device. This means that authentication cannot happen without the token being present as well as requiring a physical finger tap by an admin.
- A player such as Protectimus Solutions LLP provides a wide variety of OATH compliant authentication methods providing several hardware OTP tokens. Protectimus TWO features Algorithms: TOTP (RFC 6238); SHA-1, SHA-256 (optional) and are produced with pre-installed secret keys with full water resistance (class IP68). Corporate use with Protectimus multi-factor authentication service to enhance cyber protection.
- Further, many organizations are heavily investing in PKI and other authentication schemes that have delivered on the passwordless value proposition for legacy on-premises apps. Players are now understanding what customers need and are backing up with new solutions.
- In February 2020, Thales released new passwordless authentication devices that can be used to log into Microsoft Azure AD apps and services. The devices are geared towards enterprise customers, and are compliant with the latest FIDO2 standards. To that end, the devices will act as a hardware token that can be deployed for PKI-FIDO use cases.
The United States hardware OTP token authentication market is consolidated and consists of a few significant players in terms of significant share. These major players, with a prominent share in the market, focus on expanding their customer base across the end-use. Key players are Entrust Datacard Corporation, Thales Group (Gemalto NV), etc. Recent developments in the market are -
- December 2019 - RSA and Yubico partnered to provide an enterprise-grade FIDO Authentication solution to address the growing digital risks of the modern workforce. Also, several solution providers like MyID offers the credential management system for governments and enterprises to issue and manage USB tokens for hardware-based authentication.
- March 2020 - ATEK Access Technologies announced the launch of its new Datakey CryptoAuthentication memory token line, which gives embedded systems designers a rugged and secure portable memory device for authentication applications. The line of removable memory devices utilizes Microchip’s CryptoAuthentication family of high-security hardware authentication ICs, enabling embedded applications.
- July 2020 - HID Global expanded its biometrics identification management solutions to police departments and military installations around the world. The HID NOMAD 30 Pocket Reader’s PIV-certified sensor enables end users, such as law enforcement officers, to quickly capture and verify single fingerprints against databases, and eliminates the need to transport suspects to a central booking station.
- The market estimate (ME) sheet in Excel format
- 3 months of analyst support
This product will be delivered within 2 business days.
Table of Contents
1.2 Scope of the Study
4.2 Industry Attractiveness - Porter's Five Forces Analysis
4.2.1 Bargaining Power of Suppliers
4.2.2 Bargaining Power of Buyers/Consumers
4.2.3 Threat of New Entrants
4.2.4 Threat of Substitutes
4.2.5 Intensity of Competitive Rivalry
4.3 Regional Market Lifecycle Analysis (United States vs Rest of the World)
4.4 Regulatory Policy Analysis
4.5 Market Drivers
4.5.1 Growing Number of Internet-based Transactions
4.5.2 Increasing Investments from Banking and Finance Industry
4.6 Market Restraints
4.6.1 Growing Use and Reliability of Bio-metric Authentication
4.7 Assessment of COVID-19 impact on the industry
5.2 End User Industry
5.2.3 Enterprise Security?
5.2.5 Other End User Industries
6.1.1 Entrust Datacard Corporation?
6.1.2 Thales Group (Gemalto NV)?
6.1.3 One Identity LLC?
6.1.4 RSA Security LLC?
6.1.5 SurepassID Corp.?
6.1.6 Symantec Corporation(Broadcom)
6.1.7 VASCO Data Security International Inc.?
6.1.8 Yubico Inc.?
6.1.9 HID Global Corporation/ASSA ABLOY AB.?
6.1.10 OneSpan Inc. ?
A selection of companies mentioned in this report includes:
- Entrust Datacard Corporation
- Thales Group (Gemalto NV)
- One Identity LLC
- RSA Security LLC
- SurepassID Corp.
- Symantec Corporation(Broadcom)
- VASCO Data Security International Inc.
- Yubico Inc.
- HID Global Corporation/ASSA ABLOY AB.
- OneSpan Inc.