Most of us are inherently ‘password lazy.’ Using the same password for all online activity, despite warnings from industry experts, puts our online identity at risk of being breached by an increasing number of opportunistic hackers. From social networking to banking, password laziness has become the bane of almost every online player. And the consumer has become their own enemy when it comes to security, sometimes with serious repercussions. This is certainly a challenge for brands looking to protect their reputation as a trustworthy and secure online portal, but the problem isn’t exclusive to e-commerce giants. Enterprises, too, are recognising the need for an additional layer of technology at the user level to protect sensitive consumer data, which has pushed two-factor authentication (2FA) into the limelight.
Featured Download: Social media access at work. Do your employees know the rules?
As threats from hacking, phishing, and other types of online fraud become increasingly more sophisticated, 2FA has become the most commonly used method of bolstering account security. Google was one of the first to introduce 2FA back in 2011, and since then a range of other online players have followed suit. Some have implemented 2FA ahead of time, while others have introduced additional security in response to a data breach. But either way, there has been a significant movement towards 2FA.
However, as many users are password lazy, there’s growing concern that they will steer clear of a 2FA approach that’s seen to be too difficult to use. This is a problem; as far as the media is concerned, regardless of consumer apathy to online security, the buck stops firmly with the companies to ensure their user’s data remains secure.
Traditionally, 2FA deployments have required additional hardware such as a key fob, which is not ideal for the average consumer. Enterprises and internet giants hoping for mass 2FA adoption need to introduce a universal solution for their global user base. More importantly, they need something that can be introduced immediately. For these companies, there’s a much simpler way to introduce 2FA – by using SMS.
SMS-based 2FA can send a one-time PIN to a users’ mobile phone via text message, immediately turning their device into an extra layer of security. This approach doesn’t require any additional equipment and is hardware agnostic, capable of running on the latest smartphone or a feature phone that’s over a decade old.
Retailers, storage providers, and social networks are all beginning to introduce SMS-based 2FA as a simple username and password combination is no longer enough to guarantee an adequate level of security. And as it’s quick and easy to implement, it’s no surprise that the use of SMS as a delivery system for 2FA will continue to grow.
However, for improved account security (SMS based 2FA or otherwise) to be effective, security measures above and beyond the humble username and password need to be adopted by all companies and not just a select few. If a user’s details stray from the hands of Facebook and are used to hack their Amazon account, it is little consolation to know one offered 2FA if the other didn’t. After all, as it’s now common knowledge that most consumers use the same username and password combination for all online accounts, any website that doesn’t support 2FA is increasing the chances of data breaches and privacy violations. Universal deployment of 2FA could be the answer.
By Silvio Kutic, founder and CEO, Infobip
About Infobip
Silvio Kutic, founder and CEO of Infobip, earned a M.Sc. at the University of Zagreb Faculty of Electrical Engineering and Computing. Silvio took over as CEO in 2006. Since then, he has been the driving force behind Infobip’s rapid growth and the strategic shift towards enterprise and MNO solutions.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.