Apple’s decision to roll out two-factor authentication across the full iCloud ecosystem is not just a knee-jerk reaction to protect user data in the wake of a celebrity scandal. As threats from hacking, phishing and other types of online fraud become more sophisticated, two-factor authentication (2FA) is quickly becoming a necessity for account authentication of all kinds. Apple’s decision has the potential to become a significant driver behind this trend.
Retailers, storage providers, and social networks in particular are all beginning to realize that introducing 2FA as a simple username and password combination is no longer enough to guarantee an adequate level of security. At the same time, while there is no doubt that two-factor authentication ticks all the boxes for a consumer-friendly answer to the security challenges faced by today’s online players, incorrectly implementing 2FA or providing consumers with an overly complicated authentication process will not have the desired effect. The extra layer of security simply won’t be used.
Free Download: Is An Outright Ban On Workplace Social Networking A Good Idea?
A 2FA implementation can be challenging for companies on two fronts. It can be too difficult to operate, meaning consumers will not accept it as a convenient method of account authentication, or it can be so technically complicated for an enterprise to deploy that it doesn’t make commercial sense. Some 2FA set-ups require additional hardware such as a key fob which isn’t ideal for large multinationals like Apple, Twitter and Facebook. Companies of this scale need a simpler and more universal solution for their global user base. More importantly, they need something that can be implemented immediately.
In these situations, SMS-based 2FA is the answer, which can turn any mobile phone into an extra layer of online security. This approach is consumer-friendly and requires no additional hardware. It also causes little disruption when rolled out to consumers, and it can be deployed by internet giants far quicker than alternative methods.
SMS-based 2FA can also help online companies of all sizes better prepared for the future, especially with regards to transitioning into new markets. Apple, for example, is looking to move into mobile payments, where it’s more important than ever to demonstrate a high level of security. Increasing demand for better consumer account protection has also led to many global players deploying 2FA as a precaution rather than waiting until they experience a privacy breach themselves. However, to avoid setbacks or consumer rejection, it’s important for these companies to think beyond simply implementing any 2FA strategy by considering which approach is most appropriate for their business.
By Silvio Kutic, founder and CEO, Infobip
Silvio Kutic, founder and CEO of Infobip, earned a M.Sc. at the University of Zagreb Faculty of Electrical Engineering and Computing. Silvio took over as CEO in 2006. Since then, he has been the driving force behind Infobip’s rapid growth and the strategic shift towards enterprise and MNO solutions.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.