Apparently, passwords are on my mind lately. Not too surprising, since I had to reset several of my passwords recently. Passwords drive me crazy, to be honest, especially when I need to use them on my phone or tablet. For some reason, I have some passwords that I know I’m entering correctly on my mobile device, but they just don’t take on the first or second try. I would be more than happy to put the old-fashioned password security system out to pasture and give something else a try, like two-factor authentication.
I’m not the only one who feels that way. A new study from tyntec and Ponemon Institute, “Unlocking the Mobile Security Potential: The Key to Effective Two-Factor Authentication,” found that 68 percent of IT and IT security decision makers are ready for a change to something more secure than the current password/username combination. Nearly half of those surveyed say they plan to institute SMS-based, two-factor authentication in 2014.
Here’s the statistic that jumped out at me. Nearly three-quarters of the respondents say one of the reasons they want to make the switch to two-factor authentication is to improve the customer experience, and they foresee customers as willing to participate in mobile verification options.
That’s not to say two-factor authentication, especially SMS-based authentication, is foolproof. In fact, this survey does a good job of pointing out the problems organizations face with SMS-based, two-factor authentication (2FA). As a release about the survey stated:
Despite its effectiveness, organizations implementing SMS-based 2FA are experiencing issues when it comes to implementation and conversion rates as a result of invalid mobile numbers provided by end-users. According to the survey, 29% of respondents in North America cite that on average 11-20% of OTPs fail to be delivered. Of that, 48% on average fail because an invalid mobile number was entered by the end-user.
The solution is to come up with tools that do a better job with mobile number verification, tools that the majority of IT and security personnel are willing to add to security management.
This isn’t going to be the perfect solution, and it certainly won’t eliminate the need for passwords. But as Thorsten Trapp, CTO of tyntec, said in a CSO interview, it’s a start, adding:
To improve authentication for most, reconsider how to use existing infrastructure to develop solutions. Reconsidering SMS means the possibility of more convenience, a better experience, and using an out-of-band mechanism that works for almost everyone.