Why Two-Factor Authentication Is The Practical Choice To Prevent Account Takeover
It’s fair to say that “two-factor authentication” finally jumped from enterprise IT lingo to the commons. By now most of us have received those spammy-looking emails, tweets, or status updates from friends and family who recently had their personal accounts taken over. This unfortunate trend makes it easier to explain to friends and family what I do at Duo.
The rise in account takeover has accelerated the growth of worthwhile initiatives, such as the National Strategy for Trusted Identities in Cyberspace, that are attempting to solve the password problem. We can all agree that passwords aren’t sufficient for today’s phishing and malware attacks, let alone the burden of trying to remember complicated patterns that can still be guessed. But requiring every website and app to overhaul its authentication system and trust a single vendor or emerging standard isn’t practical either.
The reason we’ve seen most of the big consumer Internet services – Google, Facebook, Dropbox, and Apple – add two-factor authentication to mitigate account takeover is because it works and it’s practical. Completely throwing out passwords isn’t necessary to substantially reduce account takeover. We agree with this pragmatic approach.
Forrester analyst Eve Maler recently shared her thoughts in a blog post on the expanding terrain of consumer strong authentication. Speaking about requiring additional login steps she states,
What was once anathema is going to be unilaterally required by online service providers – and accepted by users – within a couple of years, at least for especially sensitive operations.
Deploying the right two-factor authentication system makes a big difference, both in user acceptance and actual security afforded. We created Duo Security to make two-factor authentication painless to deploy and simple to use. Any website or app can add Duo authentication in a few hours. Users get the best factor depending on their device. Smartphone user? Tap Approve in Duo Mobile to log in. Simple cell phone? Duo sends a temporary passcode as a text message.
Duo’s two-factor authentication incorporates a login experience similar to one that has been around for decades, while making improvements to the cost, deployment, and flexibility challenges of older solutions. Every innovative organization should be thinking about future solutions, but real problems still need to be solved today. Two-factor authentication works, it’s proven, and it incorporates a login experience that’s been around for decades.
We’re thrilled to support the Do-ers who are solving real problems with Duo every day.