Frost and Sullivan Reports: Digital Transformation for Enterprise Learn more

Advantages of two factor authentication

This post is the second in our series on digital security and two-factor authentication.

It seems to have taken a security breach the size of Heartbleed to finally see more popular emphasis on digital security at the consumer level.

Thankfully, there are solutions already at hand, and the best is two-factor authentication.

Locking down NYC

  Photo used under a CC license from Flickr user Tiago.

Two-factor authentication, also commonly referred to as two-step verification, requires an online account holder to present two separate passwords before being allowed to log in to their account.

The first password is the user’s primary account password. The second password is sent to a separate location—typically a mobile device—as a unique, time-sensitive security token that expires in a pre-defined period of time (e.g., 10 minutes).

This second password is known in the industry as a one-time password (OTP), and is often sent via SMS or IP to the user’s personal mobile device.

If online users had had two-step authentication on their accounts, an attacker would have needed both their primary password as well as their temporary, one-time-use password before it expired to gain access to users’ personal information.

With two-step verification in place, even if an Internet attacker has stolen a user’s online account password by exploiting a vulnerability such as the Heartbleed bug, they cannot log in without also having that one-time password, which is sent to the mobile user’s phone.

This results in:

  • Reduced probability of an Internet attacker gaining access to an account, resulting in fewer security breaches
  • Lower total costs of disruption
  • An additional protection option that can be advertised to account holders; having this option available reduces the reputation risk following a security breach

As the Heartbleed bug demonstrated, any breach to consumer account security—especially involving a consumer’s sensitive or private data—can result in significant costs and reputation damage for the company.

In the next post in this series, we’ll discuss best practices for implementing two-factor authentication at the enterprise level. Want a more in-depth discussion? Read the full whitepaper.

LEARN MORE ABOUT 2FA

About Matt Thompson

Matt joined Soprano in 2013 to create and lead Soprano’s global product management and marketing efforts across all regions, including Asia, Australia, Europe, LATAM and the US. He helps shape and execute Soprano’s product strategy both globally and with individual regions and MNO partners. He oversees Soprano’s carrier revenue acceleration model, which includes direct involvement in new product launch activities, carrier-branded industry websites, B2B digital marketing campaigns, and ongoing product marketing. He lives and works in Seattle, Washington.