Worrying about cloud security might have been top of mind primarily for businesses once upon a time, but these days consumers are as anxious as companies when it comes to protecting data in the cloud. This month’s iCloud photo hack is a good example. With so many big-name breaches in the news, it seems everyone is looking for technologies and techniques to keep data safe while locking criminals out. Yet there’s one course of action that goes ignored way too often: two-factor authentication.
The popularity of password-cracking and brute-forcing tools has made password-based login an especially vulnerable area. Two-factor authentication helps counter these attacks by adding an extra layer of security to authentication transactions. Using Apple for another example – we just watched the company launch its mobile wallet with a 2FA security approach. Two-factor authentication is even required by PCI DSS for secure remote connectivity. That said, it’s not just for banking and online purchases. While credit card numbers will always be an attractive target, other sensitive buyer information like social security numbers and general identity data are also in demand.
All of which means that two-factor authentication can be a strong security measure for pretty much any login process. But as I’m sure you know, many businesses hesitate to implement it for fear of irritating their buyers with the often-perceived inconvenience of extra login steps. The added security might be in the consumer’s best interest, but brands are afraid of driving away customers with a process that might be slower or more demanding than a competitor’s.
The good news is that there are recent innovations that are solving the convenience issue. Let’s take a look.
First, we have new tools that have found workarounds so customers don’t have to take a second step. One popular protocol, OAuth, lets third-party sites access a customer’s details without a password, assuming the customer has already authenticated with the OAuth service provider. It opens a browser window that obtains a security code from an authenticator app, thereby eliminating the need to manage an entire collection of application-specific passwords. Other tools seamlessly integrate into existing application login workflows by using a robust API that works with smartphones and platforms.
Are all new two-factor authentication tools perfect? Not at all. In fact, at Armor we advise against SMS-based techniques such as texting to reset passwords. These tend to be compromised on a regular basis, either through malware on the phone or other methods. Hardware solutions tend to be a safer bet. Some tools, for instance, use a USB device as a physical token that generates one-time passwords or similar as the second factor. Users log in like usual with usernames and passwords, then activate their second factor by pressing a button on the device, which augments the password with a one-time code.
Other hardware techniques move user credentials to a separate device, which perpetually generates new and unique passwords. All earlier passwords are rendered obsolete, blocking access even for hackers who recorded those passwords. Still other hardware utilizes NFC on modern mobile devices, allowing mobile security without the risk of SMS two-factor authentication.
These are just a few of the new two-factor solutions on the market. Hopefully it’s clear by now that we need to retire the primitive two-factor offerings of the past and leave burdensome login steps and multiple passwords behind. By adopting the newest technologies, brands can offer their customers convenience and swiftness as well as safety. Remember, we live in an era where consumers expect everything to be as easy, fast and smooth as possible, whether they’re doing online banking, checking social media accounts or ordering from their favorite retailers – but they expect businesses to keep them safe as well. Organizations that can offer both convenience and security will not only prevent potential breaches but enjoy a reputation as the brand to trust.