Why is it that your customers don't use 2FA?

August 3, 2021
Thomas Hull
Content Specialist

Photo by Tachina Lee on Unsplash

Try out tru.ID

Make your first phone check in 1 minute. No app required to test. Get started for free.
Sign up

Follow us on

Github iconTwitter iconLinkedIn icon

Let’s face it: no customer ever got excited about enabling 2FA. Even at Twitter, only 2.3% of users have enabled it. But what if stronger security for your users could be effortless?

Sometimes a Twitter thread is so good, it merits further amplification. We’ve been fans of ethical hacker and InfoSec thought leader Rachel Tobac for some time now, and her thread on the adoption of MFA/2FA (multi-factor or two-factor authentication) is a must-read for trust and safety product managers, and anyone responsible for ensuring users are securing their accounts.

The upshot? They aren’t. 

Even Twitter has a 2FA problem


You’d think that a service like Twitter would lead the way on their users adopting stronger security. But a mere 2.3% of Twitter users have 2FA enabled.

Account Security 2FA
Source: Twitter


This statistic got us wondering what other research is out there on 2FA adoption, and we found Dark Reading’s excellent writeup of Duo Labs survey results from 2019.

Their research suggests that while there is growing awareness of 2FA security – and SMS 2FA, more specifically – that still doesn’t mean there’s growing adoption. Why?

Get this article in your inbox - get The Dot.

The Dot is our regular email about digital identity and news we're certain you'll find interesting.

Security is about human effort

The obvious issue at play here is that, as humans, we are motivated by things that are easy, not effortful. And let’s face it, no one has ever opened an email that announced ‘We’re enabling two-factor authentication, here’s what to do next’, and said ‘Yay! I always wanted to do that.’

The human factor in security policies is something that our CEO Paul McGuire will be discussing in the final episode of the SIM Security podcast.

Paul's main thesis? If we can focus on reducing friction and effort related to security, instead of ever-tightening it, we’ll be in a much stronger place as an increasingly digital society. 


What if 2FA was effortless?

Meanwhile, adoption challenges with 2FA/MFA – not to mention the security loopholes in SMS-based 2FA – are a great reminder that mobile identity verification needs a revamp. 

It’s not easy to wrap your head around the concept that invisible protection can be secure, but that’s exactly what SIM-based authentication is. It’s the same authentication your mobile phone uses every day when you make phone calls or connect to data. You don’t have to log in to your network operator every time you do this – verification happens seamlessly between the phone’s SIM card and the nearest mast. 

Until recently, network-level authentication checks of the mobile number were only available to mobile networks themselves, or enterprise customers. Now, tru.ID opens up access to network authentication systems using APIs, meaning every app or website that needs to verify mobile numbers can embed verification that’s invisible to the end user. 

How to get started

tru.ID products easily integrate into any client-server application architecture using restful APIs and iOS, Android, React Native and Mobile Web SDKs. 

Developers can find all they need to get started in our documentation, including integration guides for all our products. Simply sign up to start integration, and test for free, today – or contact Sales to find out how tru.ID can help your business.