Organizations Look to Expand Use of Mobile Two-Factor Authentication Schemes: Survey

Many organizations are looking to expand their use of SMS-based two-factor authentication this year to improve security, according to a new survey by the Ponemon Institute.

The research found that nearly half (46 percent) of the 1,861 IT professionals surveyed plan to extend their use of SMS-based two-factor authentication for identity verification and the activation of online services. Among the respondents in North America, the figure was 55 percent. Just nine percent of North American organizations felt that single-step authentication was enough, while 68 percent agreed there’s a need for more secure authentication methods than the traditional username and password combo.

Seventy-two percent of the North American respondents also said they felt SMS-based two-factor authentication would improve the customer experience due to improved mobile authentication features.

“Enterprises and internet companies know that the traditional username and password is simply not enough anymore,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “However, companies deploying SMS-enabled two-factor authentication need to ensure that one-time passwords aren’t being sent to invalid mobile numbers. As a result, the research confirmed that 67 percent of global respondents said customer experience improves when SMS-based two-factor authentication is combined with real-time verification of the receiver’s mobile number.”

For the most part, companies implementing SMS-based two-factor authentication use it during user registration (43 percent) or at each login (38 percent). Despite its effectiveness, organizations using it said there are sometimes problems. Twenty-nine percent of respondents in North America said that on average 11 to 20 percent of one-time passwords fail to be delivered, with nearly half failing because an invalid mobile number was entered by the end-user.

“To service providers looking to increase security for their users, the ability to pre-verify mobile numbers is essential,” said Thorsten Trapp, co-founder and CTO of tyntec, which sponsored the survey, in a statement. “In addition to accruing costs in messaging fees, invalid mobile numbers also result in unauthenticated one-time passwords, un-activated accounts and unmet expectations on behalf of both the sender and end-user. Companies therefore need to ensure that they strike a balance between cost and reliability from the beginning. By performing a validity check of the mobile numbers provided in real-time, companies can instantly notify users of the mistake and allow access to vital services that they’ve requested or subscribed to.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
