The increase in cyberattacks coupled with people's insecure behaviors, such as the use of weak and identical passwords on various services like Facebook, Twitter, LinkedIn, Google and Apple, for example, make it necessary to use more robust complementary authentication methods.
The numbers are alarming: according to a study by McKinsey, 81% of security breaches are caused by weak or stolen passwords. As a result, both companies and government entities have begun to implement second factor authentication strategies to strengthen access to sensitive information.
What is a second authentication factor?
It is a system that complements traditional authentication in services that require access credentials with an additional authentication factor such as a security code, a one-time key, which can be generated from an application on a mobile device or received by SMS/Email, the most advanced use push notifications to send such codes or validation operations. It doesn't matter which order the company chooses to authenticate in, as long as two-factor authentication is used to validate that the person is who they say they are. Authentication systems are divided into:
- Simple factor: it's something the user remembers: username and password, their date of birth, etc.
- Dual Factor: is something that the user owns: their phone, a phone number, a card, etc.
- Third Factor: is something that the user is: their face, voice, fingerprint, etc.
The main advantage of using this double factor is the extra point of security that we give to our personal account, as it will always be more secure than using only a username and password.
Why are companies and governments starting to implement it?
As users handle more and more sensitive information in their accounts, it makes sense that cybercriminals are devoting more resources to stealing the passwords that protect them.
According to a report conducted by VU on 600 Latin American participants in 18 countries in the region, 29% of respondents indicated that sharing passwords and access keys is what generates more possibilities of security breaches. Now, if users are aware of this risk, why do they engage in this behavior? Simply because they tend to be overwhelmed by the number of users and passwords, and they write them down, share them, and repeat them so as not to forget them.
The truth is that due to several attacks involving password theft, which have affected important companies, many private corporations and government agencies have decided to implement two-factor authentication systems to contribute to the security and protection of their users' information.
- Banking: it is common that after asking for a username and password, they require users to have a mobile token sent to their cell phone when making a transfer, for example.
- Government: requires that, in addition to presenting an identity card, in order to carry out a procedure remotely, one must also take a selfie, for example, to validate one's identity.
- Health: allows you to request appointments remotely by sending a code to your cell phone and then confirming it with a voice note.
The uses for second factor authentication are endless. Although there may be an initial resistance from users, once they understand how it works, its adoption is fast since the benefits are instantaneous in the reduction of time to perform transactions, ease of use, less friction and greater security when it comes to safeguarding the digital identity of citizens. It is important to be aware that two-step verification can be the difference between being a victim of a cybercriminal or not.
It is a company specializing in the development of cybersecurity software, with a focus on fraud prevention and identity protection. Its mission is to deliver frictionless and secure digital experiences for both citizens and companies. It is the only company in the region aligned to best practices in international authentication, member of FIDO Alliance, OATH and OCF. Founded in 2007, it has offices in Argentina, Chile, Uruguay, Ecuador, Colombia, Costa Rica, Mexico and Peru.
Follow us on social networks
By Sebastián Stranieri, VU's CEO
Connect