It used to be that you could make a strong password based on a random sequence of letters, numbers and symbols and not worry about someone guessing it. Now? Forget about it. Mobile ransomware was up 33% in 2018 despite 98.4% of business phones and 97.9% of consumer phones being password protected. Passwords just aren’t enough anymore—especially when your company is tasked with the responsibility and liability of keeping data safe.
Two-Factor Authentication—Going Past the Passwords
When considering implementing two-factor authentication for your customers, consider what’s at risk here: Access to one-touch purchase and credit card-linked accounts, personal emails, private documents, photos, text messages—“special pictures…” These are all thing that deserve a second layer of security. Providing it will help boost consumer confidence and trust in your business, giving your app a huge advantage over your less-secure competitors.
How Two-Factor Authentication Works
Two-factor authentication is a fairly simple process:
- Something you know—like a password, pin or pattern
- Something you have—like a smartphone, dongle, RFID or token
- Something you are—like a biometric scan of your face, retina or fingerprint
Two-factor authentication requires at least TWO of these factors be met. For example, if you input your password, receive an SMS text message on your cell phone and then input that as well, you’ve met the “something you know” and “something you have” factors.
On the other hand, if you input your password and then answer a security question, those are both the same factor (something you know), and therefore only “two-step” verification—not two-factors. Using two of the same factor isn’t as secure as using two different factors.
Yeah, But Do I Really Need Two-Factor Authentication?
Of course not. You can just risk it. But Slack, Amazon, Dropbox, Google, Facebook, Apple, Microsoft, Evernote, Venmo, Paypal and just about every major player in the app and mobile industry offers—or demands—two-factor authentication. So if you know more than Google and Apple, sure—you don’t really need it!
But before you run out into the world unprotected, consider this last fact: there is no reason for not implementing two-factor authentication:
- It’s the easiest and cheapest way to automatically increase security and consumer data protection
- Integration with API is seamless and easy
- Previous problems with Twilio in Argentina (customers never receiving the text message or experiencing big delays) have been solved by the launch of Wavy, whose API connects to the apps we build in a matter of minutes
The choice is yours—you can put your customers at risk while basically telling them you don’t really care about keeping their data secure, or you can increase their trust in your company while reducing your own risk and liability. Easy choice, right?
We thought so. Let’s talk about getting your company started with two-factor authentication today.