October is National Cyber Security Awareness Month in the US, and European Cyber Security Month in Europe. Basically, institutions in these two countries have decided that it’s time for people to get serious about cybersecurity. And they’re right to do it – according to F-Secure’s Business Security Insider blog, there was 81 cyberattacks every minute in 2014.
So hacking is a serious business for these attackers. And one security measure that experts would like to see used more widely is two-factor authentication.
Two-factor (or multi-factor) authentication refers to using more than one piece of information to safeguard access to accounts. Many popular services, such as Facebook and Twitter, offer it to users. However, very few services require it. It’s really more of an option for people interested in having a little bit of extra security for their accounts. A recent survey from Google points out that 89 percent of security experts use two-factor authentication for at least one of their online accounts.
But it’s less popular amongst non-experts. Only 62 percent of non-expert respondents to Google’s survey used two-factor authentication. Other studies indicate that two-factor authentication may be even less popular, with one recent consumer survey finding that 56 percent of respondents were unfamiliar with two-factor authentication.
Although two-factor authentication has been around for ages, it’s starting to become offered by many online services. Passwords are currently the standard in account security, but adding in two-factor authentication adds an extra layer of security. It basically means anyone that gets access to your password will essentially only have “half a key” to your account.
So why don’t more people use it? After all, nearly 80 percent of people are open to alternatives to traditional passwords. One reason might be that it’s too difficult or inconvenient. But the widespread use of mobile devices is making this much easier. Email and SMS messages seem to be easiest and the most popular, with one study finding almost 90 percent of participants using two-factor authentication did so by receiving a code through SMS or email, which they could then enter into a website to confirm their identity.
Another reason could be availability. It’s up to companies and organizations providing online accounts to offer two-factor authentication to customers. This website provides a pretty good list of different online services offering two-factor authentication, so it’s a pretty handy resource. You can also use the site to send tweets to companies not offering two-factor authentication (so don’t hesitate to send a message if you want someone providing you with a service to improve their account security features).
If you crunch the numbers provided by the site, you can get an idea about how common two-factor authentication is for different kinds of services:
So two-factor authentication is definitely more prominent in some industries than others. F-Secure Security Advisor Sean Sullivan says that it’s definitely worth choosing services offering two-factor authentication, especially for important accounts that you use daily, or contain really sensitive information.
“You should figure out what accounts are critical and focus on securing those by using strong, unique passwords and two-factor authentication,” he says. “Lots of companies will offer a monthly or periodic two-factor authentication check, which requires you to enter a code you receive via SMS into a pre-defined phone or computer. It’s really worth having a primary email account with one of these services, as you can centralize information there instead of spreading it around, which makes it easier to stay in control of your accounts.”
Next time you’re thinking about setting up an online account somewhere, you may want to circle back to whether or not they offer two-factor authentication. With the number of devices expected to explode as the Internet of Things becomes more and more popular, it only makes sense to consider whether you’re information is as secure as you’d like.
[ Image by momentcaptured1 | Flickr ]
To commemorate F-Secure’s 30th year of innovation, we’re profiling 30 of our fellows from our more than…
July 12, 2018