Many organizations are looking to expand their use of SMS-based two-factor authentication this year to improve security, according to a new survey by the Ponemon Institute.
The research found that nearly half (46 percent) of the 1,861 IT professionals surveyed plan to extend their use of SMS-based two-factor authentication for identity verification and the activation of online services. Among the respondents in North America, the figure was 55 percent. Just nine percent of North America organizations felt that single-step authentication was enough, while 68 percent agreed there’s a need for more secure authentication methods than the traditional username and password combo.
Seventy-two percent of the North American respondents also said they felt SMS-based two-factor authentication would improve the customer experience due to improved mobile authentication features.
“Enterprises and internet companies know that the traditional username and password is simply not enough anymore,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “However, companies deploying SMS-enabled two-factor authentication need to ensure that one-time passwords aren’t being sent to invalid mobile numbers. As a result, the research confirmed that 67 percent of global respondents said customer experience improves when SMS-based two-factor authentication is combined with real-time verification of the receiver’s mobile number.”
For the most part, companies implementing SMS-based two-factor authentication use it during user registration (43 percent) or at each login (38 percent). Despite its effectiveness, organizations using it said there are sometimes problems. Twenty-nine percent of respondents in North America said that on average 11 to 20 percent of one-time passwords fail to be delivered, with nearly half failing because an invalid mobile number was entered by the end-user.
“To service providers looking to increase security for their users, the ability to pre-verify mobile numbers is essential,” said Thorsten Trapp, co-founder and CTO of tyntec, which sponsored the survey, in a statement. “In addition to accruing costs in messaging fees, invalid mobile numbers also result in unauthenticated one-time passwords, un-activated accounts and unmet expectations on behalf of both the sender and end-user. Companies therefore need to ensure that they strike a balance between cost and reliability from the beginning. By performing a validity check of the mobile numbers provided in real-time, companies can instantly notify users of the mistake and allow access to vital services that they’ve requested or subscribed to.”