In June, mobile identity company TeleSign commissioned a study on consumers’ concerns about online security and their exposure to breaches. It found that, amidst increasing reports of well-publicized breaches, 80 percent of consumers are worried about their online security and 40 percent have experienced a security incident within the past year. It also found, however, that 73 percent of online accounts use duplicated passwords and more than half of consumers use five or fewer passwords across their entire online life.
“The study really confirmed what we had expected, especially considering the number of data breaches we see, many of which are related to a reliance on usernames and passwords,” said Stephen Bolinger, CIPP/E, CIPP/G, CIPP/US, CIPM, chief privacy officer and vice president of legal at TeleSign.
Given statistics like those, TeleSign has launched a campaign aimed at educating consumers on what it says is the future of mobile identity: two-factor authentication. That is, identifying a user by relying on at least two of three credentials: something the user has (mobile phone, generally), knows (username and password) or is (biometric identifier like a fingerprint or iris scan).
Bolinger points to Verizon’s 2015 Data Breach Report, which found that 24 percent of data breaches could have been prevented by the use of two-factor authentication.
“The reason (two-factor authentication) helps protect individuals more than just relying on a username and password does is that the likelihood of an attacker having access to two of those things as opposed to one is far less likely,” he said, adding that while a hacker might have a username and password, it’s unlikely the hacker will also have the user’s mobile phone.
Bolinger said he sees a “strong increase” in the number of sites using two-factor authentication—both from TeleSign’s customer base and more broadly in the market. Despite that, however, he said customer education is going to be key to making implementation effective.
“Users don’t seem to know about two-factor authentication and don’t know where to go in and turn it on,” he said. “The first step is making sure companies out there are doing the right thing and making it available to their end users. But many companies who have implemented it could do a better job at helping raise awareness to encourage their users to use it.”
TeleSign’s website is tracking which organizations employ two-factor authentication and encourages users to ask those that aren’t currently to start offering it. Bolinger said it’s not a difficult mechanism to implement.
“It’s readily available, and it’s cost-effective,” he said. “It’s really incumbent on organizations to start promoting the technology.”
To read more about TeleSign’s campaign, visit www.turnon2fa.com.