Dashlane Research Finds Majority Of Two-Factor Authentication Offerings Fall Short

By   ISBuzz Team
Writer , Information Security Buzz | Oct 31, 2018 04:00 am PST

76% of Consumer Sites Fail to Offer Users Full Complement of 2FA Options

Dashlane announces the results of its Two-Factor Authentication (2FA) Power Rankings. The rankings, which examined the prevalence of 2FA offerings among 17 top consumer websites in the United Kingdom, found that 76% of sites do not offer users a full set of 2FA options.

 Dashlane researchers tested each website on three critical 2FA criteria, awarding one point for SMS or email authentication, one point for software tokens, and three points for hardware tokens, such as YubiKey or U2F authentication, for a maximum and passing score of 5/5. Any site that scored below 5/5 was deemed to be failing as they do not offer their users a full range of 2FA options.

 Lack of 2FA Options on Most Websites

Of the 17 sites Dashlane examined, only 4 (24%) received a passing score: Google, Facebook, Twitter, and Battle.net. Two of the websites tested offered no 2FA options at all: Asos and TripAdvisor.

 “Through the course of our research we found that information on 2FA is often presented in a way that is unclear, making it difficult for consumers to confirm 2FA offerings,”said Emmanuel Schalit, CEO of Dashlane. “In fact, our researchers were forced to omit a large number of popular websites from our testing simply because the sites don’t provide any straightforward or easily accessible information about their 2FA offerings. It’s reasonable to conclude that many consumers are not taking full advantage of the security options available to them due to this lack of transparency.”

 Extra Layer of Security

2FA is one of the best ways to add an extra layer of security to any account, as it requires anyone trying to access your account to have an additional method of authentication, such as a code sent to your phone. While no method of 2FA is invulnerable, hardware, token-based 2FA is by far the most secure form, as it would require a potential hacker to have access to both your password and your physical hardware key. This is precisely why Dashlane was the first password manager to work with Universal 2nd Factor (U2F) security keys, backed by Yubico and the FIDO Alliance.

 It is fitting that we decided to share the results of this research near Halloween, because in the wake of recent data breaches and hacks, there should be nothing scarier to an organization than the thought of risking their customers’ valuable data,” added Schalit. “We want to educate the public about the benefits of an addition like Two-Factor Authentication so that they can demand the latest innovations in security from the companies serving them.”

 2018 UK Rankings

●        5/5 Points

○        Facebook

○        Google

○        Twitter

○        Battle.net


●        2/5 Points

○        Amazon

○        Apple

○        Evernote

○        Instagram

○        Patreon

○        Slack


●        1/5 Point

○        Airbnb

○        eBay

○        Indeed

○        LinkedIn

○        Yahoo!

 ●        0/5 Points

○        Asos

○        Trip Advisor


Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x