Major companies' two-factor authentication offerings fall short
With passwords increasingly being seen as insufficient to properly secure access to websites, more and more companies are turning to two-factor authentication.
New research from digital identity management experts Dashlane looks at how some of the biggest consumer websites are protecting their users. It looks at 17 of the UK’s most popular sites and finds only four get top marks for their 2FA offerings.
Researchers tested each website on three 2FA criteria, awarding one point for SMS or email authentication, one point for software tokens, and three points for hardware tokens, such as YubiKey or U2F authentication, for a maximum score of 5/5. Any site that scored below 5/5 was deemed to be failing as they do not offer their users a full range of 2FA options.
While only two websites offered no 2FA at all, Asos and Trip Advisor, and just four get top marks, the remaining 76 percent didn't offer a full range of 2FA options.
"Through the course of our research we found that information on 2FA is often presented in a way that is unclear, making it difficult for consumers to confirm 2FA offerings," says Emmanuel Schalit, CEO of Dashlane. "In fact, our researchers were forced to omit a large number of popular websites from our testing simply because the sites don't provide any straightforward or easily accessible information about their 2FA offerings. It's reasonable to conclude that many consumers are not taking full advantage of the security options available to them due to this lack of transparency."
You can see a breakdown of all the sites tested in the graphic below.