Conventional 2 Factor Weaknesses

Inconvenience and security weaknesses of SMS based and token 2 factor authenticators have made conventional 2 factors a thing of the past. Learn how NoPassword H²MFA addresses all user experience and security weaknesses of traditional 2 factor solutions.  

Security Weaknesses of Conventional 2 Factor

While conventional 2 factor authentication solutions slightly improve security, they remain vulnerable to a number of cyber attacks. NIST‘s recent Draft on Digital Identity Guidelines makes strong recommendations against SMS based 2 factor solutions, highlighting their associated security concerns.  SMS based 2 factors are especially vulnerable to mobile banking malware (e.g. Spy.Agent, Acecard, and GM Bot) and complex attacks that steal OTPs.

Two factor authentications, in general, do not stop man-in-the-middle, social engineering and phishing attacks. In fact, as long as the user is manually entering credentials, the authentication process is open to a variety of attacks.

Conventional 2 Factor Pain

Without a doubt, conventional 2 factors are one of the most inconvenient security solutions used today. The additional friction added to the authentication process results in frustration among a larger number of users.

2 factor authenticators, such as extra dongles and fobs, often get lost or misplaced which results in access denials. SMS based 2 factors are often not delivered or are delayed, forcing users to manage their passwords and manually enter a 2 factor token.

Smartcards, more secure but inconvenient

Organizations in highly regulated industries tend to implement smartcards, which relies on the implemented PKI model. Although they provide a higher level of security relative to passwords, they are one of the least favorable 2 factors among user and IT professionals.

The primary reason is that smartcards are not designed for mobile users as they are incompatible with phones, tablets, and some laptops. They require adaptors to work on desktops or laptops and restrict users who need to have access from more than one device at a time. They are also easy to lose and drive up company costs. Once a smartcard is issued, they normally don’t require authentication or provisioning, so anyone who finds one will be able to use it to access the user’s account.

Learn how NoPassword improves security beyond passwords and 2 factors, while enhancing user experience by making the authentication process easy and effortless.

© 2019 NoPassword Inc. All Rights Reserved. Powered by NoPassword Inc.

Modernize enterprise workforce and consumer identity by substituting passwords with NoPassword Human and Hidden Multi-Factor Authentication (H²MFA™).