Usernames and passwords alone will not protect you against hackers, which is reason enough for the extra security of two-factor authentication (2FA). Any business or organisation that holds accounts, of any sort, for its customers/users, accessed with a password, should now employ 2FA of some kind. This can be a one-time password (OTP), a code that’s automatically generated, or some form of biometric verification, that can be authenticated through the customer/users’ device.
Human beings cannot manage multiple passwords
Human beings are notoriously bad at managing their passwords; there’s an estimation that approximately 73% of their online accounts use duplicate passwords. And while passwords are generally secure if humans use strong password logins, and change them regularly, statistics show that they tend not to do this.
Passwords are steal-able
Recent studies show that 95% of all web security breaches are through the use of stolen or weak passwords. Cyber criminals use various malware to gather passwords, and targeted phishing attacks, as well as ‘shoulder surfing’ and ‘key logging’, not to mention password-cracking software.
Security breaches are on the rise; we need more authentication not less
Cybercrime is on the increase as we conduct more and more of our lives online. Security breaches are up 11% just from 2018 and with an estimated 300 billion passwords for hackers to go at, with evermore sophisticated techniques, this is unlikely to slow down anytime soon.
Passwords are losing credibility
From what we’ve already said about passwords being steal-able and hard for people to manage, they are predicted to become a thing of the past. In terms of credible security for organisations, passwords are not the answer and there is a serious reputational risk for those that cling to them.
Culturally, we are used to verifying ourselves; let’s capitalise on that!
We are already used to proving our authenticity, for instance, for banking, mobile phone data and more. Therefore, when yet another company makes us go through 2FA of some variety, we go with it, since we are half-expecting it anyway. The level of security validates the company in our eyes, because we like that they take our security seriously. So many innovations fail because culturally, people are not ready, comfortable or learned enough to take them on. In the case of authentication, we are already there.
It is estimated that 80% of security breaches could have been prevented with 2FA. Antivirus and malware protection are one thing, but without user 2FA it’s a bit like leaving the front door unlocked. Silly when you could have just made sure you’d turned the key.
If you hold customer accounts, you seriously need to consider establishing 2FA for access to those. Your customers are ready for it; they expect and want it, and you are risking far more than you’re your reputation if you don’t implement it in the near future. Your IT and web service provider can help get you up and running with all the user 2FA you require.
Out-of-date website practices
Unless you’re in the industry, it would be hard to keep up with every detail, but it’s good to know the aspects of web design you should now be leaving behind.
Google’s Core Web Vitals coming into effect
Google has announced Core Web Vitals will become a ranking factor from May 2021. Find out what they are and what you can do to improve SEO.