Reviewing the use of 2FA as an account security measure

If asked to name one of the important things that must be considered in today's technological developments, security must come first. This security is not only about how to manage the services and personal data of users, but also the users themselves in securing themselves. There are many technologies and approaches that have been used. What is currently rife in Indonesia is the implementation of 2FA (2-authentication factor) or two security measures.

This approach usually combines the use of passwords and additional security factors, such as OTP (One Time Password) codes, biometrics (fingerprint, face/face, or even retina scans), or applications. authenticator. 2FA is considered more secure because it minimizes the risk of losing account access due to guessed passwords.

In fact, in Indonesia there are still cases that have managed to "break through" 2FA security using simpler techniques, including social engineering.

A common case is taking advantage of people's ignorance about OTP or tokens. Most mode is to pretend to be a service provider then ask the user to send an OTP or token, then take over the account. That's why every OTP or token that is sent there is usually a warning to save the code yourself.

More sophisticated, there is also a mode that uses the method of duplicating a SIM card or cell phone number. This case once emerged when one of the suspects duplicated a mobile phone number which was then used to access one of the victim's accounts via SMS banking.

Over time, OTP or tokens have been replaced by biometric security. If you look at the developments in Indonesia, more and more financial applications are embedding biometric security modes for application access.

2FA security usage trends

Survey results Mercator Advisory Group mentioned, biometric methods for authentication are preferred by users in the United States. Its use continues to increase from 2016 to 2019, especially for the use of facial recognition and Voice Recognition.

Other published reports Duo Labs (part of Cisco) also highlighted the increasing knowledge of respondents (UK and USA) about 2FA and their experience of using it.

In 2019 there were 77% who heard or at least knew about 2FA technology, but only 53% used it. This number grew quite significantly compared to 2018 where 44% knew while only 28% used it.

The use of SMS or email as a means of receiving OTP is also quite high. 72% and 57% respectively. Both are still chosen because many feel that they are more familiar and faster in receiving OTP codes than using applications authenticator, push notification, security key, or hard tokens.

In Indonesia, several service providers have started educating the public on the importance of activating this 2FA feature. Not only about the risk of losing your account, but also about what things should not be shared easily with others.

How to keep users safe?

To be safe from the risk of account breaches, the first and foremost way is to take care of yourself. Enable 2FA for all app or account access if applicable. Start putting your passwords in order by periodically changing them with guessed combinations. Consider using the app password manager to manage multiple accounts and passwords. Do not hesitate to use the biometric security feature if the device or service you are using already supports it. Whatever that is.

Understand that OTP is an important key, Just as important as a password. Never ever give it to anyone else, even the service provider. Don't hesitate to apply for an account block via in case of suspicious access in the application. Finally, don't use one number or one email for multiple applications.