If you are in the growing app and SaaS market, you will know all too well about the critical issues surrounding user security and privacy.
Since 2005, Two Factor Authentication has seen growing interest, usage and adoption by businesses and users, as the privacy and safety of our online lives become more important. Just looking at Google Trends shows that Two Factor Authentication is here to stay, and the forecast shows promising growth.
Just think, how much information do you have in the apps and services you use every day? The credit card on Uber, the demographic info on Facebook, and the locations registered on iCloud. All of this is fine and we are told that it is secured with the latest SSL security, 128-bit AES encryption and more, but what happens when this security is cracked and your data becomes vulnerable? Datasecutity.net published a fantastic visualization of the world's biggest data breaches to put this into some perspective.
Passwords are just not as safe as we think, and this is because of two reasons:
The security software company Kaspersky have a quick tool on their website for you to test how long it would take an average computer with some password cracking software to find your password. Some simple passwords can take as little as 3–10 seconds to crack. Passwords have always been vulnerable. Users can follow guides on making them stronger, but passwords are the first line of defence for account security and attract a great deal of attention from hackers. So more developers are looking towards two factor authentication as a way of adding extra security to their apps and making it harder for attackers to gain access to user details.
Two Factor Authentication is a simple process where an app or service verifies a user's identity or login details with an additional step. More often than not, this involves a smartphone or email account (a secondary device): the service sends a one-time pin code to the user, which they then enter into the system to log in.
After set up, most apps follow a similar process of:
A process like this normally (in my experience) takes about 5 minutes to set up and 2 minutes to complete the log in process, with the added value and peace of mind that you are one step closer to a more secure account for your users, which is a critical issue for many app developers today.
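The one-time pin step described above, seen from the backend, as an added example that is not code from the original post or from Sinch. The `send_message` callable stands in for whatever SMS or email delivery the app uses, and the six-digit length, five-minute lifetime and five-attempt limit are assumed policy values.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5    # wrong guesses allowed per code (assumed policy)


class PinVerifier:
    """Issues and checks one-time pin codes for the second login step."""

    def __init__(self, send_message, clock=time.time):
        self._send = send_message            # hypothetical callable(destination, text)
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side key, kept apart from the store
        self._pending = {}                   # user_id -> [mac, expires_at, attempts_left]

    def _mac(self, code):
        # Keyed hash, so the pending-code store alone does not reveal the codes.
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def start(self, user_id, destination):
        """Generate a fresh 6-digit code, keep only its MAC, send it out."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not the random module
        self._pending[user_id] = [self._mac(code),
                                  self._clock() + CODE_TTL, MAX_ATTEMPTS]
        self._send(destination, f"Your login code is {code}")

    def verify(self, user_id, submitted):
        """Return True exactly once for the right code, False otherwise."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        if self._clock() > entry[1]:         # expired: user must request a new code
            del self._pending[user_id]
            return False
        entry[2] -= 1                        # count every attempt, right or wrong
        if hmac.compare_digest(entry[0], self._mac(submitted)):
            del self._pending[user_id]       # single use: a replayed code fails
            return True
        if entry[2] == 0:
            del self._pending[user_id]       # guessing budget spent: code is burned
        return False
```

The attempt limit is what makes a six-digit code workable: without it, the one million possible values can simply be tried in turn.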
Google have a fantastic introduction to Two Factor Authentication and how it can help ordinary users.
We are using more apps and services than ever on our smartphones and online. What’s more, the data in these services is getting much more valuable, either as personal information or credit card and bank details. So there are spammers and hackers that want to break into apps and services and get this data for themselves.
This costs your businesses and users:
Common issues for apps are attackers sending unwanted messages to users, excessive posting, spamming users and even fraud. Many social messaging and marketplace apps see a great deal of fraudulent postings, trying to take payment from users. Two Factor Authentication can add an additional step in verifying users and make it harder for these attackers to succeed.
There are also attackers who hack subscription accounts such as Netflix and Spotify, and resell these on the black market. Adding a secondary device can help verify your users and reduce this. If a user has added two factor authentication to their account, whoever buys the resold account would need the secondary device to actually log in. Hence, adding this additional step makes passwords only part of a more secure log in system.
So in 2015, it is more important than ever to ensure that your apps and services offer an opportunity for your users to set up Two Factor Authentication.
Two Factor Authentication also helps make sure that your user base is legitimate. Phone numbers are often hard to fake and most users will keep the same phone number for years, making phone numbers a fantastic way to verify and identify users offline.
Most of the big digital names are offering Two Factor Authentication to their users today. There is an open source website Two Factor Auth which is collecting information on which services are offering a two factor authentication system for their apps, to build a database on who is following the latest in security features.
Google, Evernote, Facebook, Twitter, iCloud and a whole range of others are all using a secondary device to strengthen their security. In a recent article, digital expert Fred Wilson predicted that in 2015:
Cyber security budgets will explode in 2015 as every company, institution, and government attempts to avoid being Sony’d
Of course, the recent hacking scandal at Sony only goes to show the danger to online privacy.
We have seen some great interest from partners looking to add a two factor authentication system to their apps with Sinch. Although we don’t offer an ‘out-of-the-box’ package, we offer SMS for developers wanting to build their own service and send a message to a secondary device from their own backend.
I would strongly recommend that you start using two factor auth in your apps and services you manage today.