Skip to main content

Even many tech-savvy people not using two-factor authentication, finds university

Even many tech-savvy people are failing to take advantage of the opportunity to use two-factor authentication for websites and apps, found an Indiana University study …

CNET reports that too many believe that strong passwords are enough.

Indiana University Professor L. Jean Camp and Sanchari Das, a doctoral student at Indiana University Bloomington, conducted a study of 500 people to find out why the simple security measure isn’t popular, despite its benefits and ease.

For their research, they purposely sought out tech-savvy students on campus to make sure the result wasn’t affected by people who just didn’t understand what two-factor authentication is. They wanted participants who had more security and computer expertise than the average person.

What they found was that while these students understood technology, they didn’t understand why they needed to take this cybersecurity precaution.

“There was a tremendous sense of confidence,” Camp said. “We got a lot of, ‘My password is great. My password is plenty long enough.'”

A survey late last year found that more than half of Americans had never heard of 2FA, and fewer than one-third were using it.

A secondary issue Professor Camp raised is vulnerabilities in SMS-based 2FA.

It’s not as safe as using a physical security key for two-factor authentication, because text messages can still be intercepted, like what happened with Reddit on Aug. 1.

“We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” Christopher Slowe, Reddit’s chief technology officer, said in a post.

Indeed, more than two years ago the US National Institute for Standards and Technology, which sets the standards for authentication software, says that the use of text messaging for two-factor authentication will in future be barred.

Apple makes it particularly easy to use 2FA for Apple ID login: you can have a code sent to any of your trusted devices. If you don’t already have this set up, we strongly advise doing so.


Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear