76% of Consumer Sites Fail to Offer Users Full Complement of 2FA Options
Dashlane announces the results of its Two-Factor Authentication (2FA) Power Rankings. The rankings, which examined the prevalence of 2FA offerings among 17 top consumer websites in the United Kingdom, found that 76% of sites do not offer users a full set of 2FA options.
Dashlane researchers tested each website on three critical 2FA criteria, awarding one point for SMS or email authentication, one point for software tokens, and three points for hardware tokens, such as YubiKey or U2F authentication, for a maximum and passing score of 5/5. Any site that scored below 5/5 was deemed to be failing as they do not offer their users a full range of 2FA options.
Lack of 2FA Options on Most Websites
Of the 17 sites Dashlane examined, only 4 (24%) received a passing score: Google, Facebook, Twitter, and Battle.net. Two of the websites tested offered no 2FA options at all: Asos and TripAdvisor.
“Through the course of our research we found that information on 2FA is often presented in a way that is unclear, making it difficult for consumers to confirm 2FA offerings,”said Emmanuel Schalit, CEO of Dashlane. “In fact, our researchers were forced to omit a large number of popular websites from our testing simply because the sites don’t provide any straightforward or easily accessible information about their 2FA offerings. It’s reasonable to conclude that many consumers are not taking full advantage of the security options available to them due to this lack of transparency.”
Extra Layer of Security
2FA is one of the best ways to add an extra layer of security to any account, as it requires anyone trying to access your account to have an additional method of authentication, such as a code sent to your phone. While no method of 2FA is invulnerable, hardware, token-based 2FA is by far the most secure form, as it would require a potential hacker to have access to both your password and your physical hardware key. This is precisely why Dashlane was the first password manager to work with Universal 2nd Factor (U2F) security keys, backed by Yubico and the FIDO Alliance.
“It is fitting that we decided to share the results of this research near Halloween, because in the wake of recent data breaches and hacks, there should be nothing scarier to an organization than the thought of risking their customers’ valuable data,” added Schalit. “We want to educate the public about the benefits of an addition like Two-Factor Authentication so that they can demand the latest innovations in security from the companies serving them.”
2018 UK Rankings
● 5/5 Points
○ Battle.net
● 2/5 Points
○ Amazon
○ Apple
○ Evernote
○ Patreon
○ Slack
● 1/5 Point
○ Airbnb
○ eBay
○ Indeed
○ Yahoo!
● 0/5 Points
○ Asos
○ Trip Advisor
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.