A study by Indiana University found that even many tech-savvy people did not use two-factor authentication on websites and applications. CNET reports that most people think that using a strong password is enough.
It is understood that Indiana University professor L. Jean Camp and Indiana University Bloomington doctoral student Sanchari Das conducted a study of 500 people to find out why the simple security measures of dual authentication are unpopular.
In the course of the research, they deliberately searched for students who are technically savvy on campus to ensure that the results are not affected by those who do not understand what is a double certification. They want participants to have more security and computer expertise than the average person.
They then discovered that although these students understood the technology, they did not understand why such cybersecurity precautions were taken. Professor Camp said that the participants were confident that their passwords were long enough.
A survey at the end of last year found that more than half of Americans have never heard of double certification, and less than one-third use this security measure.
The second question raised by Professor Camp is the vulnerability of SMS-based two-factor authentication. He said: “It’s not as secure as using a physical security key for two-factor authentication, because text messages can still be intercepted.”
Earlier this month, Reddit CTO Christopher Slowe said in a post: “We learned that SMS-based authentication is not as secure as we think, and the main attack method is interception via SMS.”
In fact, more than two years ago, the National Institute of Standards and Technology, which set standards for certified software, said that it would prohibit the use of SMS for two-factor authentication in the future. For now, Apple has made it particularly easy to log in to an Apple ID with two-factor authentication, and users can receive an authentication code on any trusted device.