A place for all things security.

One-Time Password (OTP) fail boat

Mar 12, 2014 // Dan Yelin

The Ponemon Institute released results of a study sponsored by tyntec, a mobile interaction service provider, that reveals 50% of One-Time Passwords (OTPs) fail to arrive due to invalid mobile numbers provided by end-users.

The study was based on a survey of 1,800 IT and IT security practitioners around the world. Research also identified 65% of respondents felt text-based passwords was insecure and 90% of It managers plan to adopt SMS-enabled two-factor authentication (2FA) in 2014 to improve online security.

A break down of the statistics are as follows

31% cited 11-20% of OTPs fail and of that 50% of them are due to invalid mobile phone numbers. Where other failures included technical errors due to poor implementation, deployment or poor service providers.

66% would like to be able to verify the end-user’s mobile phone number in real-time, but only 4% of the surveyed IT professionals actually implement a solution that provides such verification.

55% consider SMS-enabled 2FA more secure than other methods along with 71% identifying SMS-enabled 2FA is the perceived easiest solution for end users.

Regardless of whether you pick SMS-enabled or other 2FA options, providing additional security layers beyond a text-based password is a good option to increase security for your company. We recommend Authy as a solution that utilizes a user’s mobile phone devices via an mobile application.

See full report here.