New research has revealed that few major websites follow the two-factor authentication procedure to let their visitors in.
In the U.S. alone, this research carried out by Dashlane has found that three out of four companies merrily skip this important requirement. Shockingly, this list includes top entities such as Citibank, American Express and Chase.
Dashlane is a company that specializes in password management issues and owns an app by the same name to function as a password manager on your device.
They had chosen 34 companies in the U.S. for their research and have published their findings.
More About Two-Factor Authentication
You may be logging into several websites every day. While in some, you have to log in to access just about any information, on others you could be doing financial transactions as well.
These could include checking account with the bank or an ecommerce site or other resources.
You are generally asked by these sites to create a user ID and a unique password.
But once you use the password on your device, it can be saved somewhere and in the event of a hack, stolen by the hacker. This is the reason a two-factor authentication (or 2FA) system is recommended by cybersecurity experts.
With 2FA, an additional code is created at the time of the login, each time you visit the site. This could be in the form of a one-time-password (or OTP) sent to your mobile phone or email address.
The OTP is generated only when you are entering the site after having inputted the user ID and password, and this code will be valid for only a few seconds.
If it is not used by then, it will lapse and you need to generate another OTP to access the site. There are other ways apart from the OTP to do this as well.
This 2FA system drastically reduces the chances of a hacker misusing your stolen password to gain access to sites.
The hacker has to not only steal your user ID and password but also your mobile phone, which is quite a rare possibility.
Dashlane’s Work Quite Thorough
Some of the companies whose websites were chosen by Dashlane to check in the two-factor authentication study included Bank of America, Facebook, Twitter, Apple, Instagram, GoDaddy, Airbnb, Amazon, Google, Citibank and LinkedIn.
All these are very reputed companies and you would expect them to take every step available to make sure their customers’ personal data remains secure on their websites and platforms.
But Dashlane found only eight out of the 34 scored 5/5 points in the tests it ran.
The points assigned were for different methods of authentication used by the sites, including hardware keys like YubiKey.
At the bottom of the matrix were sites like ZocDoc, BestBuy and TaskRabbit, which scored zero points.
Then there were companies like LinkedIn, Citibank, American Express and Chase, which got just a single point.
Some of the 13 websites in the list which scored two points are WhatsApp, Instagram, Apple and Amazon. And the best ones, the eight sites with a 100 percent score in the Dashlane research, are Dropbox, Twitter, Google, Bank of America, Facebook, Wells Fargo, E*Trade and Stripe.
Not a Very Comfortable Thought
The revelation that around 76 percent of websites of some of the topmost companies in the U.S. don’t take the security on their site seriously might be of concern to consumers.
In an era where some regions, such as Europe, are going to extreme levels to enforce data privacy for their citizens, these firms with international footprints not heeding to such simple mechanism defies reason.
And as long as the customer is informed that the extra effort they need to take to gain access to the site is meant for their own safety, they will gladly embrace the procedure.
Dashlane has mentioned this in their report as well, that they had to omit many sites due to lack of clarity in the way the security measures were explained to the visitors.
Dashlane has gone a step further and likened this finding by it to Halloween in terms of the scare quotient it raises.
One may not take their assessment as the gold standard, but no one can deny the importance of two-factor authentication as a solid security tool.