Juniper Research has revealed that the increasing proliferation of multi-factor authentication technology will generate $27 billion for mobile operators in 2022 alone. That’s based on the generation of SMS messages linked to multi-factor authentication for logins of all kinds of online services. Multi-factor authentication is adopted by some of the biggest brands today. Social media giants Twitter are imploring users to activate multi-factor authentication through pop-up prompts. Amazon’s smart-home firm Ring said the security was now compulsory to safeguard customers’ home camera streams, while Betfair has also added a layer of multi-step authentication to protect the bonuses deposited within the accounts of new customers.
The figures from Juniper Research suggest that this year’s return for mobile operators will be 5% up year-on-year. This is largely attributed to the growing pressure on online platforms and brands to mitigate the risks of cyber-attacks and costly data breaches that harm the integrity and reputation of established firms.
Within its Mobile Authentication: Future Strategies & Market Forecasts 2022-2027 report, Juniper Research anticipates some 1.7 trillion multi-factor authentication messages to be sent worldwide this year. This will represent approximately 60% of all SMS commercial messaging traffic. Keith Breed, the co-author of this report, expects this figure to rise to 2.1 billion multi-factor authentication messages by 2027. Breed believes this will be driven by “rising pressure” on even small firms to “implement greater security for users”. Historically, SMEs and even the biggest brands have been reticent to employ multi-factor authentication in fear of driving existing or prospective customers away. However, with cybersecurity increasingly in vogue, brands have been forced to act.
What is multi-factor authentication and why do you need it?
It’s highly likely that you will have engaged with multi-factor authentication without even knowing it. Multi-factor authentication provides additional layers of protection to your online accounts. It’s long been said that usernames and passwords are highly vulnerable to security attacks, which is why many brands adopt multi-factor authentication to create additional hurdles for cyber-criminals to overcome to access accounts.
Passwords have long been susceptible to personal and commercial data breaches. Historically, individuals and businesses have been guilty of creating weak passwords that are easily solved by cyber fraudsters. In addition, people too often recycle the same passwords across multiple logins online, putting them at greater risk of identity or data theft. Think of multi-factor authentication as a much-needed security blanket for your online accounts. Even if a cyber-hacker can crack your password, it will derail their login attempts as they won’t have the information needed to complete the next authentication stage.
Examples of multi-factor authentication
- Unique one-time codes distributed via SMS or email
These are the SMS messages that the Juniper Research report covers. One-time activation codes are sent either to registered mobile numbers or email addresses. Despite this, it’s still considered the weaker form of multi-factor authentication given that email addresses and mobile devices are also susceptible to hacking. - Unique codes generated by authenticator apps
Authenticator apps such as Google Authenticator can generate unique codes that change every 30-60 seconds, giving hackers the tiniest window to enter – and that’s only if they have access to a user’s mobile device. - Push notifications via separate device
Some online accounts enable users to register a second device where push notifications can be sent to confirm or deny a login request. - Fast ID Online (FIDO)
The FIDO system is underpinned by biometric technology and is therefore the safest form of multi-factor authentication. Biometrics covers everything from voice and facial recognition through to fingerprints and retina scans.
How secure is multi-factor authentication?
If you’re wondering just how effective multi-factor authentication is, take Microsoft’s word for it. The US tech giants state that those who use it are 99% less likely to experience a data breach. It’s not uncommon for even the biggest online brands to suffer from a cyber-attack, so multi-factor authentication can prevent your account and any sensitive details from being easily compromised.
Those who don’t invest time and money into multi-factor authentication risk their sensitive data being stolen and sold on the so-called “Dark Web”. F-Secure, a platform which monitors the Dark Web for user data said that up to 1.7 billion compromised usernames have been shared through the years, including 24 billion passwords and 41 billion pieces of sensitive user information.
Why tech giants are building towards a password-less future
The promise of a password-less future has been discussed for well over a decade now. Time and again roadblocks have found their way to prevent a viable scheme from proliferating on a global scale, ridding consumers and businesses of the scourge of cyber fraud once and for all.
One of the biggest issues previous password-less schemes have experienced in recent years is the lack of a recovery mechanism, giving individuals and businesses a chance to retrieve lost data connected to an account. Fortunately, it looks like the biggest names on the tech scene are finally inching closer to password-less authentication – without the need to have any usernames or passwords to fall back on.
According to Arstechnica, the likes of Microsoft, Google and Apple are collaborating on new password-less technology that would provide a universal, cross-platform way of authenticating genuine user logins. It is designed to house one unique token that can authenticate a user across all services provided by Google, Apple and Microsoft – with many follow-on services sure to follow. The very same unique token can also be housed on devices powered by Windows and Android operating systems, as well as macOS or iOS.
This unique token credential can be stored on a mobile device or online in the cloud, making it accessible even if you do happen to lose your smartphone or tablet. Users simply present their unique fingerprint or facial scan to their device to activate the unique credential.
We’re still some way from password-less authentication entering the mainstream, however. In the meantime, mobile operators will be keen to make hay while the sun shines with secure SMS messages still offering a credible multi-factor authentication solution. What operators will do when 60% of their commercial SMS messages evaporate in the coming years remains to be seen.
Also Read: What are Credential Theft Attacks