
Is the internet getting safer?

(Image credit: Shutterstock/Toria)

Correctly, and safely, connecting humans to their various digital identities is an ongoing challenge for businesses. For banks today, verifying that it is really you trying to access your account is a greater challenge than ever before, as hackers and their techniques only continue to become more sophisticated. Combating this threat requires constant monitoring, maintenance and round-the-clock work from security teams. The same principle rings true for social media platforms like Facebook, online retailers like Amazon, medical portals like NHS Choices and so on.  

Historically, we’ve been over-reliant on usernames and passwords as the primary means of making the link between people and their online identities. And today consumers are continuing to reuse passwords for all sorts of online activity – ranging from handling highly sensitive information, such as bank or medical records, to simply signing up for a newsletter. In fact, for five consecutive years (2012–2016) “password” ranked number one in SplashData’s annual Worst Passwords report. The latest version of the report (which collects data on the most over-used passwords) saw “password” bumped to second place by “123456”.

Breaches galore 

Data breaches are only continuing to grab headlines as they increase in both frequency and complexity – one recent Wonga breach alone saw 250,000 UK customers’ data stolen. Globally, the number of records exposed over the past 24 months is 2,889,920,099. 

Perhaps as a result of this, around 20% of UK consumers have said they do not trust those companies storing and handling their data.

Yet, with so many breaches it’s clear that the username and password combination is no longer enough to protect our information online. Because consumers still tend to over-rely on weak passwords, questions about user awareness of online security persist. And, with most small businesses in the UK failing to implement cyber security risk policies or management, questions remain about the role of businesses in educating users and providing them with the tools they need to stay safe.

Pushing 2FA 

Any business handling sensitive user data needs to constantly evaluate its existing security and take proactive steps to stay up to date on the newer technologies and methods available to it – from vulnerability testing and stricter password criteria to running regular audits.

Perhaps the most reliable method for consumers to secure their data is through two-factor authentication (2FA), which typically involves a one-time passcode being sent via SMS to confirm your login.  

2FA technology is continuing to advance, and push authentication has recently emerged as a much easier way for users to verify their identity when trying to access online accounts. It’s certainly promising to see that some of the most popular security packages for supporting 2FA have seen a 320% increase in downloads over the last 24 months. But there is still work to be done. A look at reveals only half of the 1,000 most popular websites that require users to log in have any type of 2FA enabled.

Push authentication leverages the growing ubiquity of the smartphone. Push notifications are sent to devices and present the user with lots of information about the login taking place: details of the application or website they are logging into, such as the location of the requesting user, what account is being accessed and on what device.

Based on this, users need simply to “Accept” or “Deny” the request. As soon as the user clicks either button, the response is immediate – either logging in the legitimate user or preventing access to a hacker. Such 2FA techniques can be used not only for the initial log-in but other actions which require protection as well, such as a money transfer or a cryptocurrency withdrawal. With this level of security, should an account be compromised, highly sensitive transactions will still require authentication. 
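The Accept/Deny flow described above can be sketched as follows. This is an added example, not code from Twilio, Authy or any provider named in this article; it assumes the phone enrolled an Ed25519 key pair with the service, and every function name and sample value is hypothetical.

```javascript
const crypto = require("crypto");

// Constructed enrolment: the phone keeps the private key, the server stores the public key.
const device = crypto.generateKeyPairSync("ed25519");
const pending = new Map(); // request id -> approval request awaiting a response

// Server: describe the action so the user can see exactly what is being approved.
function createRequest(account, action, details, now, ttlMs = 60000) {
  const req = { id: crypto.randomBytes(16).toString("hex"), account, action,
                details, expires: now + ttlMs };
  pending.set(req.id, req);
  return req; // delivered to the phone as the push payload
}

// Bytes that get signed: the decision is bound to this one request and its details.
function signedBytes(req, decision) {
  return Buffer.from(JSON.stringify(
    [req.id, req.account, req.action, req.details, decision]));
}

// Phone: the user taps Accept or Deny and the device signs that choice.
function respond(req, decision, privateKey) {
  return { id: req.id, decision,
           sig: crypto.sign(null, signedBytes(req, decision), privateKey) };
}

// Server: check the response before logging in or releasing the transaction.
function verifyResponse(res, publicKey, now) {
  const req = pending.get(res.id);
  if (!req) return "unknown-or-used";
  if (now > req.expires) { pending.delete(req.id); return "expired"; }
  const ok = crypto.verify(null, signedBytes(req, res.decision), publicKey, res.sig);
  if (!ok) return "bad-signature"; // a forged reply does not consume the request
  pending.delete(req.id);          // a valid reply is single use
  return res.decision === "accept" ? "approved" : "denied";
}
```

Because the signature covers the request id, the action and the decision, an approval captured for a login cannot be replayed against a later money transfer, and a "deny" cannot be rewritten into an "accept".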

Giants like Google, Microsoft, Yahoo and more have already integrated this kind of service into the user experience. And, thanks to this uptake, there has already been improved interest in 2FA from the general population, with searches of the term “2FA” more than tripling in the last two years (according to Google Trends).

Having ownership of the device receiving these push notifications ensures that hackers now need more than your username and password, and this sentiment has clearly begun to resonate with users. 

Awareness is improving 

According to npm, downloads of the most popular security packages on the Registry — a publicly-searchable collection of over 600,000 modules of reusable JavaScript code accessed by over 12 million developers per week — have increased by 548% since January 2016. At the same time, Twilio found that there has been a 618% increase in users enabling 2FA from 2015 to 2017 via the Authy app, while also seeing a rise of 538% in the number of people carrying out 2FA protected logins over the past two years. 

What these findings together highlight is the growing importance that users are placing on securing their accounts, and the growing pressure on businesses (and the developers supporting them) to meet this demand. 

Progress is being made 

Evidently, consumers are becoming more concerned about their security and are engaging with the solutions and tools being put out by businesses to help them stay safe. It’s clear that data breaches are not slowing down, which is leading developers and consumers to look to the open-source community for solutions. 

While data breaches are likely to continue, tools like 2FA help businesses to empower their users to secure their data. The 2FA research highlighted here helps to illustrate that consumer buy-in when it comes to their online security is significantly increasing. 

It’s promising to see that (via their developers) businesses are working hard to service this steadily increasing appetite for greater security measures. 2FA remains one of the best ways to protect online accounts against a takeover but it must go from a popular add-on to an essential part of the user experience. 

If applications adopt modern methods such as push authentication, not only will it improve the user experience, but it will also incline developers to make 2FA mandatory – making the internet safer for all.

Simon Thorpe, Director of Product at Twilio 
