Will We See More SMS-Based Two-Factor Authentication in 2014?

Sue Marquette Poremba
Slide Show

Ten Approaches to Protecting Mobile Data

Apparently, passwords are on my mind lately. Not too surprising since I had to reset several of my passwords recently. Passwords drive me crazy, to be honest, especially when I need to use them on my phone or tablet. For some reason, I have some passwords that I know I’m entering correctly onto my mobile device, but they just don’t take on the first or second try. I would be more than happy to put the old-fashioned password security system to pasture and to give something else a try, like two-factor authentication.

I’m not the only one who feels that way. A new study from tyntec and Ponemon Institute, Unlocking the Mobile Security Potential: The Key to Effective Two-Factor Authentication, found that 68 percent of IT and IT security decision makers are ready for a change to something more secure than the current password/username combination. Nearly half of those surveyed say they plan to institute SMS-based, two-factor authentication in 2014.

Here’s the statistic that jumped out at me. Nearly three-quarters of the respondents say one of the reasons they want to make the switch to two-factor authentication is to improve the customer experience, and they foresee customers as willing to participate in mobile verification options.


That’s not to say two-factor authentication, especially SMS-based authentication, is foolproof. In fact, this survey does a good job pointing out the problems faced with SMS-based, two-factor authentication (2FA). As a release about the survey stated:

Despite its effectiveness, organizations implementing SMS-based 2FA are experiencing issues when it comes to implementation and conversion rates as a result of invalid mobile numbers provided by end-users. According to the survey, 29% of respondents in North America cite that on average 11-20% of OTPs fail to be delivered. Of that, 48% on average fail because an invalid mobile number was entered by the end-user.

The solution is to come up with tools that do a better job with mobile number verification, tools that the majority of IT and security personnel are willing to add to security management.

This isn’t going to be the perfect solution, and it certainly won’t eliminate the need for passwords. But as Thorsten Trapp, CTO of tyntec, said in a CSO interview, it’s a start, adding:

To improve authentication for most, reconsider how to use existing infrastructure to develop solutions. Reconsidering SMS means the possibility of more convenience, a better experience, and using an out-of-band mechanism that works for almost everyone.



Add Comment      Leave a comment on this blog post
Mar 17, 2014 8:40 AM Jessica Jessica  says:
I'm glad you brought this up! I try not to use sms based 2fa for several of the reasons mentioned and because texts are unencrypted. Though, I am a huge fan of 2fa! I use an app called toopher because it's not text based, it just uses an app so it's much more secure. Reply
Jul 3, 2014 9:36 PM audreyberry194 audreyberry194  says:
This is a special case of a multi-factor authentication which might involve only one of the three authentication factors (a knowledge factor, a possession factor, and an inherence factor) for both steps.openid connect Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Close
Thanks for your registration, follow us on our social networks to keep up-to-date