Security professionals agree: SMS based Two-factor Authentication (2FA) is insecure, yet thousands of companies still employ this method to secure their customer-facing applications. This talk will look at the evolution of authentication and provide a data-driven analysis of the tradeoffs between the different types of factors available.
32. 2FA ADOPTION
2019 BYU study found:
https://www.usenix.org/system/files/soups2019-reese.pdf
BELIEVE EXTRA SECURITY
WORTH ADDITIONAL TIME
OR INCONVENIENCE
WILLING TO USE 2FA
DEPENDING ON THE
ACCOUNT
UNWILLING TO USE 2FA
BECAUSE INCONVENIENCE
TOO HIGH
@kelleyrobinson
29% 36% 13%