What makes the perfect password? Is it a variety of letters, characters and numbers? There are certainly ways to make passwords more secure, however businesses need to consider whether single-factor authentication is even the best way to keep online data secure, or whether a more robust solution is needed.
A single-factor authentication (a password) is easy for users, but makes the system vulnerable to a wide variety of cyberattacks. This is where two-factor authentication (2FA) comes in by adding an additional layer of security, which is simple for customers to use, to their accounts. 2FA is a simple fix to an age-old problem.
So, what does this actually mean for consumers and companies? Essentially, 2FA also reduces the risk of hack attacks. Unfortunately, consumers make it very easy for hackers to get their hands on their login details, and according to a new survey by Keeper Security, more than 80 per cent of people aged 18+ use the same password across multiple accounts. This is why 2FA is so important to protect customers - it provides another layer to the password and user mix.
It delivers a one-time pin to the users’ mobile device, which they have to enter before accessing the account. Not only does this prove they have the correct login details, it also confirms they have a device associated with their account in their possession. These two factors combined dramatically improve account security and make it a lot harder for hackers to gain access. Therefore, it is one of the most effective ways of reducing cybercrimes such as identity theft, hacking and phishing.
ATMs have used two-factor authentication for decades. You take something you have (the card) and combine it with a secret (your PIN) to unlock your account. So why don’t we apply the same thing to online passwords? Two-factor authentication can not only help increase security, but as a result it can increase customer loyalty and trust, as they feel the company cares about their personal data.
Consumers see companies that use 2FA as reliable and secure
When consumers see companies offering 2FA for enhanced security, it serves as a proxy for dedication to overall security. Consumers know that security breaches are unpredictable—and sometimes they are out of a company’s control—but companies that implement 2FA signal to consumers that they take security seriously. This is increasingly important as we trust more and more of our lives to online services.
Amazon engineer, Josh Davis, helps consumers see which companies support 2FA security initiatives with his site Two-Factor Auth List. The site lists hundreds of services—from investment firms to coffee shops—showing which have implemented 2FA and which haven’t. For companies that haven’t, a button lets consumers tweet the company with a present message encouraging them to start offering 2FA on their service.
2FA drives consumer confidence in online brands
Over the years there has been a rise in data hacking, which has had a direct impact on trust, credibility and brand equity. By creating a secure brand and experience, businesses can ensure that consumers continue to have confidence in the security of their personal data.
Not only that, but having stronger security measures for one-to-one ecommerce sites increase consumers’ trust. Consumers are more likely to trust other consumers on marketplace websites, like eBay or PayPal, knowing that everyone on the system must pass through the same tight security as they did. Building a large circle of trust within the community—especially with services like eBay and Etsy—is essential to these services’ long-term success.
2FA needs to be seamless to the user
The goal of 2FA is to secure personal information while still providing a smooth user experience. Imagine you’re a customer, who has activated 2FA on your service, and is waiting to receive a one-time password before completing a banking transaction—but the PIN never arrives. The customer isn’t going to be happy if the transaction cannot be completed. PIN code deliverability is key for 2FA security to work. It won’t take many OTP failures for people to turn off 2FA altogether, defeating the purpose of having it in the first place.
The most reliable way to deliver a one-time password to users is through SMS. It is a dependable method (with 90 per cent+ delivery rates) and is accessible to many people, as an estimated 62.9 per cent of the population own a mobile phone today.
SMS reduces room for error
The alternative to SMS is using mobile apps. The challenge is that verification over mobile apps relies heavily on numerous pieces of the puzzle going right. The user has to download and activate the app, followed by the app needing to be connected to each service one by one. If the customer gets a new phone or restores the phone from backup, then the connection between the 2FA app and all the services is lost and must be restored manually – hardly an easy journey for the customer.
Not only that, but platform and version incompatibility can cause the apps to fail; whereas SMS is already available on the vast majority of phones. Email is also vulnerable—it's now fairly common knowledge to avoid sending sensitive personal and financial data in an email.
Take security to the next level with 2FA
Hacks and data breaches are sadly becoming the norm in modern society, due to almost every aspect of our lives being based online. In nearly every case, the damage done could have been mitigated if users were using 2FA to secure their accounts. Despite these high-profile data breaches exploiting the big brands and consumer data, they have at least helped raise awareness around the importance of security. This has been key to the widespread growth, especially with online services that have a global user base to protect.
Mobile identification verification, combined with ongoing phone number data matching, helps to identify and verify consumers during account sign up and throughout their journey. By using two layers of security, companies can increase security without impacting the user journey as all the work is going on in the background whilst still providing that additional layer of security with 2FA. This additional layer offers consumers transparency about security measures, which are ultimately two levels stronger, which in turn will increase trust in the services offered. To add to this, mobile operators and Communications Platforms-as-a-Service (CPaaS) are working together to create a much more secure ecosystem for the end user and essentially, add a third layer of security into the mix. In an initiative being supported by the GSMA, the programme and its operator partners are prioritising the development of digital identity services, providing a safe, seamless and convenient user experience.
When it comes to cyber-security, it is no longer a nice-to-have but is instead a must-have for businesses. Not only that, but single factor authentication is no longer going to cut it, as stronger two-factor authentication is critical in order to be a trusted and reliable company. Therefore, doing it through a means which is universally compatible and reliable is key in order for data breaches to become a thing of the past.
Adrian Benic is Vice President of Products, Infobip
Image source: Shutterstock/scyther5