In today’s digital economy, where everything that we do is through an app, here are some staggering data points for the security conscious. The average user visits 25 password-protected sites, but uses only 6 passwords. In fact, 73% of people use the same password across multiple websites, and 33% use it on every site.
Could we make it any easier for the digital hackers? Not surprisingly, hacks and digital hijacks have continued to grow and morph into a very nasty business that can leave individuals, organizations, governments, businesses, web and mobile apps compromised. Anyone remember security breaches with Target, eBay and Ashley Madison?
40% of global consumers experienced a security incident in 2015, and it was often related to a stolen password. 68% of global consumers say that they want online companies to provide an additional layer of security.
We’ve all become accustomed to being forced to use more secure passwords (letters, capital letters, numbers, symbols, etc.) and are prompted to change our passwords given the rash of large data compromises (from Facebook and LinkedIn to dating sites and banking platforms). Hackers have gotten really good and are no longer guessing, but using algorithms to tunnel in. Security systems at the edge are flawed. Complicated password generators are a step in the right direction, but when our memories fail us or we accidentally reset our browsers and lose our stored passwords, we lock ourselves out of our own digitally driven worlds.
The broadbandits out there are getting more sophisticated every day, so there’s great incentive for innovators to make user authentication (i.e., proving that I am who I say I am) really work.
Over the years two-factor authentication (2FA) has emerged as a way to add an extra level of security, requiring a user to have a physical element (such as a phone), in addition to their username and password. This additional step prevents unauthorized access. Unfortunately, the complexity and cost of implementing 2FA have been a real deterrent for enterprises to adopt these security solutions. In addition, some end users have resisted this protection as most solutions rely exclusively on SMS/text messaging – depending on the user’s mobile plan, these validation messages can create significant additional charges.
Two Factor Authentication Truth Factors
2FA asks you to prove that you are who you say you are by supplying not only your password, but also a unique code given to you by your phone or by an app. Simply put, this makes it 100X harder for those trying to access your accounts on your physical device to hack in.
It’s one thing to leave your phone in a cab and know that nobody can get in (well, most common thieves), but another thing altogether to prevent a thief, including one using sophisticated trolling approaches, from breaking into applications without your device present.
The best 2FA is designed to work across multiple applications on a single device and requires that access to the application from another device go through device authentication. It also gives the end user flexible and multiple options for authentication. Yes, there are still some people that rely on their “home phones” or non-smart phones. SMS-based validation? Not really an option.
A flexible 2FA solution allows multiple authentication mechanisms, including flash calls, IVRs or SMS – all work.
For SMS-based 2FA, an SMS is sent to the user with an authentication code to enter into the application. In some interesting 2FA implementations, on Android devices, this code can actually be retrieved automatically. For IVR-based 2FA, a call is placed to the user’s phone with an automatic voice message that includes the code. Perfect for those folks that are still not on smart phones!
Flash calls will probably become the gold standard, as the verification code comes in and is validated and entered directly, with no manual input required. The phone is never answered, so the cost to the end user is zero. This is the beauty of a flash call.
But even more important than flexibility is reliability. How annoying is it when your app tells you to enter a security code that you never got!
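The server side of the code-based flow described above, as an added example that is not from the article or any vendor's product: it issues a one-time code, tries the delivery channels in order until one accepts it, and redeems the code once within a time and attempt limit. The `Verifier` class, the sender callables, the 300-second lifetime and the three-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300       # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3     # guesses allowed per code (assumed policy)
CHANNELS = ("flash_call", "sms", "ivr")  # delivery options named in the article


class Verifier:
    def __init__(self, senders, clock=time.time):
        self.senders = senders  # hypothetical: channel -> callable(phone, code) -> bool
        self.clock = clock
        self.pending = {}       # phone -> salt, digest, expiry, remaining tries

    @staticmethod
    def _digest(salt, code):
        # Keep a keyed digest so plaintext codes never sit in the store.
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def start(self, phone, channels=CHANNELS):
        """Issue a 6-digit code; return the first channel that delivered it, else None."""
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self.pending[phone] = {"salt": salt, "digest": self._digest(salt, code),
                               "expires": self.clock() + CODE_TTL, "tries": MAX_ATTEMPTS}
        for name in channels:
            sender = self.senders.get(name)
            if sender is not None and sender(phone, code):
                return name
        del self.pending[phone]  # nothing was delivered, so nothing can be redeemed
        return None

    def check(self, phone, submitted):
        """Return True once for the right code, within the TTL and the attempt limit."""
        entry = self.pending.get(phone)
        if entry is None:
            return False
        if self.clock() > entry["expires"]:
            del self.pending[phone]
            return False
        ok = hmac.compare_digest(entry["digest"], self._digest(entry["salt"], submitted))
        entry["tries"] -= 1
        if ok or entry["tries"] == 0:
            del self.pending[phone]  # single use, or burned after too many misses
        return ok
```

Returning the channel that actually delivered the code lets the application tell the user where to look, which addresses the "code I never got" complaint.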
Who can benefit from 2FA?
Just about any organization. But who can afford to implement it? Yes, a good 2FA solution needs to be affordable.
Over the past few years, web services providers, e-commerce companies, banks and now gaming companies have progressed with 2FA. Among the largest web services companies? Apple, Google, Facebook, Twitter and more.
But more than just the “big guys” can benefit – and their subscribers can benefit – from a scalable 2FA solution. The good news today is they don’t have to build it themselves, invest in physical infrastructure, maintenance and more – cloud to the rescue. This can even include biometric “3FA” with fingertip authentication via the cloud that innovators like Sonavation have been bringing to market (with fingertip recognition that works through Corning’s Gorilla Glass – they were first in the world to achieve this in 2015). Innovative solutions are also adding further security by including factors like IMEI, IMSI, UDID and location.
For decades, hardware-based tokens have been the standard for secure two-factor authentication. They worked and still work, but they are expensive and complex to manage.
Cloud-based delivery, including provisioning and management portals, is making it far less expensive to set up, roll out and scale. No upfront capex doesn’t hurt.
And it doesn’t hurt that the same solutions for “in-office” apply to “remote locations,” and work across desktops, laptops, tablets and smartphones – any connected IP device.
Cloud-based 2FA is easier to manage, less expensive and – importantly – with the right “enterprise grade” architecture meets compliance requirements, thus supporting not only gamers and other consumers, but workplace professionals across every industry vertical.
Who will the winners be in 2FA?
Solutions providers who base their business models on “equipment” – “USB devices” – “servers” – “maintenance contracts” – and other traditional models will not be able to compete with the economics and flexibility of cloud providers.
Those companies that have invested in and have momentum in cloud, those CSPs that have a strong base of embedded customers who buy Internet access, bandwidth and real-time communication services, are in a unique position to offer 2FA to enterprises. They have the advantage of owning the network, so the solutions can scale and have reach – many with global reach. They can offer the reliability and cost benefit that others can’t.
And of course – consumers and businesses who will be “less hacked” in the future – will naturally win. Look for 2FA to be one of the biggest growth trends for CSPs this year and beyond – security challenges are not going away, and staying out in front of those challenges not only protects massive real-time communications businesses, but in fact enhances their brand reputations.