Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Organizations Look to Expand Use of Mobile Two-Factor Authentication Schemes: Survey

Many organizations are looking to expand their use of SMS-based two-factor authentication this year to improve security, according to a new survey by the Ponemon Institute.

Many organizations are looking to expand their use of SMS-based two-factor authentication this year to improve security, according to a new survey by the Ponemon Institute.

The research found that nearly half (46 percent) of the 1,861 IT professionals surveyed plan to extend their use of SMS-based two-factor authentication for identity verification and the activation of online services. Among the respondents in North America, the figure was 55 percent. Just nine percent of North America organizations felt that single-step authentication was enough, while 68 percent agreed there’s a need for more secure authentication methods than the traditional username and password combo.

Seventy-two percent of the North American respondents also said they felt SMS-based two-factor authentication would improve the customer experience due to improved mobile authentication features.

“Enterprises and internet companies know that the traditional username and password is simply not enough anymore,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “However, companies deploying SMS-enabled two-factor authentication need to ensure that one-time passwords aren’t being sent to invalid mobile numbers. As a result, the research confirmed that 67 percent of global respondents said customer experience improves when SMS-based two-factor authentication is combined with real-time verification of the receiver’s mobile number.”

For the most part, companies implementing SMS-based two-factor authentication use it during user registration (43 percent) or at each login (38 percent). Despite its effectiveness, organizations using it said there are sometimes problems. Twenty-nine percent of respondents in North America said that on average 11 to 20 percent of one-time passwords fail to be delivered, with nearly half failing because an invalid mobile number was entered by the end-user.

“To service providers looking to increase security for their users, the ability to pre-verify mobile numbers is essential,” said Thorsten Trapp, co-founder and CTO of tyntec, which sponsored the survey, in a statement. “In addition to accruing costs in messaging fees, invalid mobile numbers also result in unauthenticated one-time passwords, un-activated accounts and unmet expectations on behalf of both the sender and end-user. Companies therefore need to ensure that they strike a balance between cost and reliability from the beginning. By performing a validity check of the mobile numbers provided in real-time, companies can instantly notify users of the mistake and allow access to vital services that they’ve requested or subscribed to.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

Cloud and container security firm Sysdig has tapped William Welch as CEO on its path to an IPO.

Dave Scher has been promoted to Deputy Chief Information Officer at MITRE.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.