Let’s face it: no customer ever got excited about enabling 2FA. Even at Twitter, only 2.3% of users have enabled it. But what if stronger security for your users could be effortless?
Sometimes a Twitter thread is so good, it merits further amplification. We’ve been fans of ethical hacker and InfoSec thought leader Rachel Tobac for some time now, and her thread on the adoption of MFA/2FA (multi-factor or two-factor authentication) is a must-read for trust and safety product managers, and anyone responsible for ensuring users are securing their accounts.
The upshot? They aren’t.
You’d think that a service like Twitter would lead the way on their users adopting stronger security. But a mere 2.3% of Twitter users have 2FA enabled.
This statistic got us wondering what other research is out there on 2FA adoption, and we found Dark Reading’s excellent writeup of Duo Labs survey results from 2019.
Their research suggests that while there is growing awareness of 2FA security – and SMS 2FA, more specifically – that still doesn’t mean there’s growing adoption. Why?
The obvious issue at play here is that, as humans, we are motivated by things that are easy, not effortful. And let’s face it, no one has ever opened an email that announced ‘We’re enabling two-factor authentication, here’s what to do next’, and said ‘Yay! I always wanted to do that.’
The human factor in security policies is something that our CEO Paul McGuire will be discussing in the final episode of the SIM Security podcast.
Paul's main thesis? If we can focus on reducing friction and effort related to security, instead of ever-tightening it, we’ll be in a much stronger place as an increasingly digital society.
Meanwhile, adoption challenges with 2FA/MFA – not to mention the security loopholes in SMS-based 2FA – are a great reminder that mobile identity verification needs a revamp.
It’s not easy to wrap your head around the concept that invisible protection can be secure, but that’s exactly what SIM-based authentication is. It’s the same authentication your mobile phone uses every day when you make phone calls or connect to data. You don’t have to log in to your network operator every time you do this – verification happens seamlessly between the phone’s SIM card and the nearest mast.
Until recently, network-level authentication checks of the mobile number were only available to mobile networks themselves, or enterprise customers. Now, tru.ID opens up access to network authentication systems using APIs, meaning every app or website that needs to verify mobile numbers can embed verification that’s invisible to the end user.
tru.ID products easily integrate into any client-server application architecture using restful APIs and iOS, Android, React Native and Mobile Web SDKs.
Developers can find all they need to get started in our documentation, including integration guides for all our products. Simply sign up to start integration, and test for free, today – or contact Sales to find out how tru.ID can help your business.