What does a 618% jump in 2FA say about internet security?
While 2FA is being implemented more often and users are more frequently protecting their accounts, we need to see these numbers double or triple what we see today for us to be confident that the internet is safer.
The UK, along with Italy, was one of the most active countries for regulatory enforcement of data protection in Europe in 2016; with fines doubling to £3.2 million according to a recent PwC report. Despite this, data breaches have grown by 41% in the UK in 2017 and are still making headlines including the recent Wonga data breach which saw the data of nearly 250,000 UK customers stolen. Globally, 2,889,920,099 user records were exposed in the last 24 months, with sectors ranging from business, education, and government to health and finance all affected. It’s clear that businesses of all shapes urgently need to take steps to improve their security.
Businesses need to act
Data breaches are not slowing down and, while some progress is being made, the onus is on businesses to provide greater security and, importantly, to educate consumers on adequate data protection and the steps the business is taking to secure data. Around 20% of UK consumers said that they don’t trust businesses handling their data, while only a minority of small businesses in the UK have cyber-security risks policies or management in place.
Any business handling sensitive information online should be implementing proactive measures to strengthen their security. Steps they can take range from increasing password security to conducting regular tests and audits on data protection. Two-factor authentication, however, is commonly considered the most reliable method to ensure adequate data protection.
2FA as the solution
Two-factor authentication bolsters passwords with a second piece of information which typically involves a one-time passcode (OTP) being sent at the time of login via an SMS, voice call or generated within an app. Hackers now need possession of the device that is receiving the code before they can access the account.
Twilio found that some of the most popular security packages for supporting 2FA have seen a 320% increase in downloads over the last 24 months. However, while 2FA is becoming more widespread, not every website has 2FA enabled. A quick look at twofactorauth.org will show that only 50% of the 1,000 most popular websites offer any form of 2FA. In reality, that percentage is likely much lower across the millions of websites on the internet.
2FA technology is also advancing, giving developers more and more ways to secure accounts. The latest incarnation, push authentication, is a vast improvement over sending an SMS with a one-time passcode. Push authentication presents the user with a rich interface that includes details of the application they are logging into and asking them to “Accept” or “Deny” the request. As soon as the user clicks either button, the response is immediate — either quickly logging in the legitimate user or preventing access to a hacker. This new approach is being implemented by the likes of Google, Microsoft, Yahoo, and others.
Such 2FA techniques can be used not only for the initial log-in but also other actions which require protection as well, such as a money transfer or a cryptocurrency withdrawal. This means that even with comprised browsers on laptops, high risk and value transactions can be secured by pushing the authorization off the desktop to a trusted device. It’s important that businesses discourage an over-reliance on passwords among consumers, by directly implementing 2FA into the customer log-in experience.
Consumer awareness of 2FA is on the rise
The good news is that consumers are becoming more aware of security threats, mainly due to a string of hacks reported in recent news. In fact, since 2016, there has been a steady increase in public awareness of 2FA which shows that consumers are looking for a method of security that is more robust than a simple username and password. To further support this, Twilio found that there has been a 618% increase in users enabling 2FA from 2015 to 2017 via the Authy app, while a rise of 538% in people who have carried out 2FA protected logins over the past two years. Consumers are evidently becoming more security-aware and are open to changes in the way they protect themselves online, with many moving beyond password-only protection.
With 2FA, is the internet becoming safer?
Security features like 2FA protect data even when older security processes fail. Data shows 2FA usage is increasing significantly, which is a good sign online accounts are being better safeguarded. But does this mean the internet is getting any safer? Overall, our analysis of applications shows that while 2FA is being implemented more often and users are more frequently protecting their accounts, we need to see these numbers double or triple over what we see today for us to be confident that the internet is safer. And with user-friendly 2FA options like push notifications, businesses are better positioned than ever before to make the method visible to their users or even better, a mandatory part of the login process.
This article was originally published by SC Media UK.