
Reality Check: Two-factor authentication 101 – the key to de-coding a social hacker’s playbook

Editor’s Note: Welcome to our weekly Reality Check column where C-level executives and advisory firms from across the mobile industry share unique insights and experiences.

In today’s “socially connected” world, social media giants like Twitter and Google have become top targets for hackers and mobile devices are adding fuel to the fire. Today, hacks over social media are so common that Internet companies are increasingly looking to implement SMS-based two-factor authentication to help protect their users’ accounts. This type of authentication requires understanding and buy-in from consumers, but as we report, it can vary greatly depending on the country.

Most ‘at risk’ markets

Mobile interaction specialist Tyntec recently commissioned YouGov to survey both emerging and established markets to evaluate how consumers view mobile and social security. The “Mobile Messaging and Social Networking Survey” included responses from more than 4,000 participants between the ages of 18 and 55 in the well-established markets of the United States and United Kingdom, as well as in the rapidly emerging mobile telecom nations of Brazil and Russia. The research revealed that social media users in Russia and Brazil are significantly more vulnerable to hackers, with 35% of consumers in Russia claiming their own accounts have been hacked at some point in time. In comparison, only 7% of users in the United Kingdom and 12% in the United States personally experienced a breach.

When asked what is most worrisome about social media, both Brazil and Russia were in agreement that identity theft topped the list of concerns with 44% and 28% of the vote, respectively. Conversely, consumers in the United States and United Kingdom agree that the lack of control over how information is shared is most distressing, with 38% and 36%, respectively.

Two-factor authentication … what’s that?

Ironically, despite the known vulnerability to hacking, the vast majority of social media users in all markets surveyed were unfamiliar with the term two-factor or two-step authentication and with its purpose. In professional circles, SMS-based 2FA is well known because it adds a layer of security to an existing login process by requiring a one-time password to be verified via a second channel. This usually involves authentication online as well as on a user’s mobile device. To successfully deploy this additional layer of security, users must opt in and share their mobile number with online application providers.

The recent influx of social media hacks has caused Internet companies to implement security solutions like 2FA to help protect their users’ accounts and information. The popularity of SMS-based 2FA is rooted in its user-friendly nature, cost efficiency and security effectiveness. Despite the advantages, a key ingredient for making 2FA more effective is still missing: education. As the recent survey showed, end-user respondents were not aware that by providing their mobile number to the Internet provider they could initiate 2FA as a security measure.

Coupled with the lack of awareness, we found that users in both the United Kingdom (88%) and United States (89%) were largely unwilling to share their mobile number with Internet companies in exchange for added security to their individual accounts. This finding speaks to the market’s primary concern with social media: the lack of control over what information is shared. To this subset of end-users, the mobile number is considered to be a “personal identifier” and highly sensitive information that needs to be closely guarded. If Internet companies want to increase the number of users who opt in to 2FA, they’ll need to instill confidence that mobile numbers will only be used for security purposes, and nothing else.

In contrast, respondents in both Brazil and Russia disagreed with their survey counterparts, claiming to be mostly in favor of sharing their mobile number with online application providers to increase security.

Opportunities await

No one using the Internet is immune. In the aftermath of the disastrous hacks and security breaches reported in 2013, Internet companies can no longer afford to be lax about implementing security or educating users about it. Who can forget the Associated Press’ Twitter hack in April 2013? The hack not only threatened U.S. national security, but also caused panic on Wall Street with a 143-point plunge on the Dow Jones, netting a $200 billion loss. More recently, Bitcoin, the most popular digital currency, reported losses of up to $1.2 million in users’ digital wallets as a direct result of two separate attacks.

Despite the promise of SMS-based 2FA as today’s most effective tool in combating hacks, Internet companies and businesses integrating 2FA will want to educate and reassure their user base that mobile numbers will be used for security purposes only. Regardless of the country, the more companies that educate and promote SMS-based 2FA as a security tool, the more end-users will choose to opt in, resulting in increased security of personal information and a significant reduction in the allure of unsecured accounts to hackers.

Thorsten Trapp is the co-founder and CTO of Tyntec. He is a highly regarded mobile industry expert with over 30 years’ experience in the space.
