Information Security

Debunking 5 myths of two-factor authentication

2 FA myths and excuses

It’s becoming the benchmark of online security best practice. Why then, are so many companies still relying solely on passwords?

We explore some of the most common myths or excuses:

Myth 1: It adds complexity to the authentication process

Different authentication processes require more interaction from users than others. With voice authentication, you have to answer a phone call, remember a code and enter it. With SMS authentication, you need to enter a PIN code while with a hardware ‘fob’ you have to keep it with you at all times. Many companies offer its users a choice of authentication method, for example email or SMS one-time PINS. These days, users are becoming more and more accustomed to this extra step, and would appreciate that a business is looking out for their online safety.

Myth 2: It’s an expensive process

Before the explosion of smartphones, a hardware token was a popular method of authentication. Considering these can cost more than $100 each, can easily be lost and can be hard or frustrating to use, it’s no wonder that the perception exists that two factor authentication is expensive. Compared to hardware options, SMS and voice authentication is much more cost effective. When considering costs, remember that prevention is always far cheaper than recovery. By putting security measures in place now, you can save yourself from the crippling costs of reputation recovery later.

Myth 3: It spoils the user experience

When you’ve put a lot of love into building your online or mobile app user experience, you want to ensure seamless interactions at every stage. So while business owners know the security risks, many opt for weaker security measures to not ‘scare off’ or inconvenience their users. Alarmingly, many banks will only use two factor authentication for funds leaving accounts, not for log-ins. Smart businesses realize that two factor authentication is not just ticking the compliance box but is also a chance to improve the user experience by reducing fraud.

Myth 4: It’s complicated to implement

No form of two factor authentication comes without some implementation challenges, whether it is the distribution of hardware tokens and educating your customers on using them, or integrating voice or SMS authentication with your website or app. However, with a developer by your side, it can be relatively quick and easy to implement an API into your system that enables SMS two factor authentication. All you need is a user’s phone number to get started – a device that is always omnipresent these days.

Myth 5: It’s not a guarantee against fraud

It is important to have a larger security strategy in place, of which two factor authentication could be one aspect. Authentication enabling companies are constantly innovating their products to offer more sophisticated methods of authentication. For example, multi factor authentication is a completely out-of-band (OOB) solution that is highly secure. An example of this is a technology that generates one-time passwords by prompting users via SMS to solve an image-based authentication challenge on their mobile phone. If you feel that one method of authentication is not satisfactory for your company’s risk profile, then there are many other methods and security parameters to explore.

Two factor authentication via SMS remains unrivaled in its simplicity and cost effectiveness, which is why so many online services and mobile app clients choose it. That’s why internet giants like Google and Facebook use it to protect their users from hackers and phishers.

For more ideas on how you can easily add an extra layer of protection, read more about Clickatell’s solutions for two factor authentication.

Explore other articles

Step into the future of business messaging.

SMS and two-way channels, automation, call center integration, payments - do it all with Clickatell's Chat Commerce platform.