In recent decades, the access control market has seen the introduction of numerous different forms of authentication to enhance security and the user experience.
Our latest research does not expect this fragmented technology landscape to be solved by a single form of authentication, however. Instead we expect to see the continued rise of multifactor authentication (MFA) and readers to create a more flexible, secure, and human-centric access control environment in buildings.
MFA is garnering an increasing level of attention as a more robust security measure to safeguard both physical and digital assets in our smart buildings that also demand greater usability.
Emerging MFA solutions will typically combine two of more categories of credentials to enhance the level of security provided by an access control or authentication solution. These categories can be defined with the following approach, as set out by our new study:
- Something the User Has: Physical credentials like access badges, tokens, fobs, and more recently, mobile credentials communicated via Bluetooth Low Energy (BLE).
- Something the User Knows: Including personal identification number (PIN) or a password. This credential is private and known only to the user.
- Something the User Is: Biometric access control features that are personal to each user, include traits like fingerprints, facial recognition, and voice patterns for authentication.
- Someone Trusted Verifies the User: In high-security environments, another human, such as a security guard or receptionist, may be required to vouch for the individual seeking access.
By requiring users to present multiple forms of credentials, MFA greatly enhances the integrity of the authentication process. Additionally, adaptive MFA solutions can allow for customization of entry requirements based on role and access control requirements of a particular individual.
Those adaptive MFA solutions employ contextual variables such as time, location, and risk profile to determine the combination of authentication factors required, thereby offering a dynamic security solution tailored to a range of different scenarios.
However, MFA demands either multiple cumbersome readers or, increasingly, multi-technology readers that have evolved to include pin-pads, mobile credentials, and biometric scanners in a single access control device.
A key advantage of multi-technology readers is their interoperability with existing security systems. These devices allow organizations to progressively phase out legacy systems whilst transitioning to more secure or user-friendly technologies. Advanced readers can even be integrated without overhauling the existing access control infrastructure, offering a smoother transition path.
Access Control UX
“From a user experience standpoint, multi-technology readers offer unparalleled flexibility, catering to a broad spectrum of user preferences by providing multiple methods for secure access,” reads our new research report. “Importantly, multi-technology readers also often meet or exceed existing security standards, making them a compelling choice for industries subject to stringent regulatory guidelines. Compliance with security standards not only enhances organizational credibility but also ensures a higher level of protection against breaches.”
While MFA appears to be the obvious choice for organizations seeking to improve security and access control usability, the maturing technology also comes with certain challenges. Perhaps the most noticeable of these challenges is the increased time required for user authentication.
Another is cost, MFA readers tend to be more expensive than their single-factor counterparts, often costing between $500 to $1,000 more than single-factor units priced between $400 to $500. While implementation and maintenance provide additional barriers to overcome.
“One of the first challenges organizations often face is the complexity of implementing multi-technology readers, especially when integrating them into existing systems. The deployment may require specialized skills and could involve a steep learning curve for both IT staff and end-users,” explains our 2023 to 2028 access control market report. “Another challenge is the ongoing maintenance and regular software updates needed to ensure the system remains secure and functional. These updates may sometimes require system downtime, affecting accessibility and potentially incurring additional costs.”
Cybersecurity is another major imperative for access control, with mandates for advanced authentication protocols like MFA, as the risk of unauthorized access could have severe implications for the public or private sector. Governments around the world are prioritizing the layering of robust identity verification, cyber protections, and physical barriers to safeguard critical infrastructure. Recently both the US and UK governments have specifically recommended MFA and similar measures for public sector organizations.
Despite short to medium-term challenges, MFA appears set to dominate the future of access control as users continue to demand the flexibility and security of multiple forms of authentication. As the technology matures and adoption rises, the price of MFA systems will gradually reduce, further propelling the market for this technology.
Implementation and maintenance of MFA will be enhanced as innovation drives the technology forwards. We should expect gradual growth of the MFA technology market until regulation begins to accelerate adoption region by region.