Knowing that your app accounts are secure and not just anyone can access them is a critical aspect of cybersecurity--and implementing two-factor authentication is an important step.
Two-factor authentication (2FA) is a way to confirm a user's identity by asking for two pieces of evidence. For example, combining a password with a security question, a code texted to your phone, or a 2FA app like Authy (Android, iOS), Google Authenticator (Android, iOS), or Microsoft Authenticator (Android, iOS).
Dashlane, a password manager app (Android, iOS), ranked 34 top consumer websites in the US to see how their 2FA stacked up, or if they had it at all. The program found that 76 percent of the top sites do not offer a full set of 2FA.
Dashlane used a point system to judge a site's 2FA security. A site got one point for text or email authentication, one point for software tokens like Google Authenticator or Authy, and three points for hardware tokens like Yubikey or U2F. The maximum score could be 5/5.
Only eight companies or 24 percent of companies passed for their US 2FA settings. Bank of America, Dropbox, E*Trade, Facebook, Google, Stripe, Twitter, and Wells Fargo had a 5/5 score. Best Buy, NextDoor, TaskRabbit, and ZocDoc received the lowest scores, offering users no 2FA options.
Companies like Airbnb, American Express, Chase, Discover, Citibank, LinkedIn, Mint, Venmo, and Yahoo got a one-star rank. Sites like Instagram, Apple, Amazon, Capital One, GoDaddy, Slack, WhatsApp, and others got two stars ranking.
"Through the course of our research we found that information on 2FA is often presented in a way that is unclear, making it difficult for consumers to confirm 2FA offerings," Emmanuel Schalit, CEO of Dashlane said in a press release.
Schalit went on to say that Dashlane's researchers had to omit a number of websites from their research because the information regarding 2FA wasn't clear.
"It's reasonable to conclude that many consumers are not taking full advantage of the security options available to them due to this lack of transparency," Schalit said.
Dashlane only evaluated the 2FA options of a site's desktop browser. The 2FA available on the site's mobile apps, mobile browsers, or desktop apps was not examined.
"It is fitting that we decided to share the results of this research near Halloween because in the wake of recent data breaches and hacks, there should be nothing scarier to an organization than the thought of risking their customers' valuable data," Schalit said. "We want to educate the public about the benefits of an addition like two-factor authentication so that they can demand the latest innovations in security from the companies serving them."
Without 2FA, accounts are vulnerable to attacks. Passwords are only one form of protection, and only if they're strong enough. 2FA helps protect users against easy-to-guess passwords and brute force attacks.
While it does take a moment longer to log in, it could be argued that it's worth a few more seconds if you're not at less risk for having your accounts hacked or data stolen.
FOLLOW Download.com on Twitter for all the latest app news.
- A new report from Dashlane found that 76 percent of popular consumer websites have lackluster two-factor authentication or don't use it at all.
- Websites like Best Buy, NextDoor, TaskRabbit, and ZocDoc offered no two-factor authentication at the time of this report, while other leading services don't implement 2FA based on cybersecurity best practices.
- Instagram finally launches app-based two-factor authentication support
- Google to improve Chrome extension security with new add-on rules
- How to unlock your Windows 10 PC using your Android phone
- The best Android VPNs to keep your data private and secure
- Two-step verification 101 (CNET)
- Yahoo must pay $50M in damages for security breach (CNET)
- This is how hackers can wipe your memory and steal your thoughts (ZDNet)
- How to retrieve your Google 2FA backup codes (and make more) (TechRepublic)