2FA or Not 2FA

Opting in on an extra step for cybersecurity

December 12, 2018

Despite gradual industry acceptance of two-factor authentication (2FA), many consumer websites still don’t provide a full set of 2FA options—including easily accessible and clear-cut information for users—according to a recent study.

Growing Customer Acceptance Of 2FA

Until recently, consumers may have been the chief resisters to 2FA systems, desiring quick and easy access to their online accounts; however, many people now are realizing that passwords are just not enough—that even complex combinations of letters, numbers and symbols are no match for today's hackers. It's too easy for cybercriminals to use brute force, social engineer or harvest plain-text passwords.

Consumers also are getting accustomed to a higher level of personal security in their daily lives. Apple’s facial recognition system, fingerprint readers on laptops, and the Transportation Security Administration (TSA) airport scans are examples of how extra security measures are becoming more widespread and accepted. As individuals living in a fast-paced, digital world, we are starting to see these tools as a benefit.

Overcoming Industry Hesitation

Executives at many organizations know that 2FA is beneficial, but the additional cost or inconvenience factor may hold them back from implementing it. Investing in 2FA can mean additional administrative, hardware and training costs, as well as extra time for customers to log in and gain access to their accounts. While added costs are typically minimal, and the log-in process normally only takes a couple of extra seconds, the idea of a “wait” isn't necessarily something organizations want to impose on customers or that customers have the patience to deal with.

Lingering uncertainty about customer acceptance has led some organizations to avoid enabling 2FA by default and instead ask for customer permission to do so. It ultimately comes down to the fact that people are looking to access their accounts with the least amount of effort, in the shortest amount of time. Given that user experience usually trumps security, industry professionals need to take steps to make 2FA easier to use without compromising the security it provides.

Some organizations are starting to use technologies like authenticator apps to send customers a secondary authorization code or a one-time verification code to get into their accounts without a secondary device. These technologies are still being refined by major companies like Apple, Facebook and Google; however, solutions like these—that are focused on convenience—are ultimately what’s necessary for consumers to stop viewing 2FA as cumbersome.

Opting In To 2FA

For 2FA to truly catch on, a shift in perspective needs to take place. We are seeing more and more people use 2FA not because they necessarily want to—but because some online accounts require them to do so, or they understand what’s at stake. Using 2FA is similar to purchasing insurance—it doesn’t seem that important until you need it. It’s now up to enterprise organizations to go beyond offering the bare minimum when it comes to online security and provide consumers with robust 2FA solutions that are readily accessible, well explained and easy to use.

Kathleen Hyde is the Chair of Cybersecurity Programs at Champlain College Online. Her areas of interest and expertise include insider threat detection, emerging threats and defenses, digital privacy and surveillance, and cybersecurity for educators.She can be reached at khyde@champlain.edu.

In this webinar, we are going to explore all the different cloud models used in video surveillance and cloud access control solutions. We will also discuss the rising trend of “Security as a service” and how this can impact the future of security buying, maintenance, and relationships between security providers and clients.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.