New global research by the Ponemon Institute, sponsored by mobile interaction service provider tyntec, has revealed that on average almost 50% of one-time passwords (OTPs) fail to arrive due to invalid mobile numbers provided by end-users.
For the report, titled ‘Unlocking the Security Potential: The Key to Effective Two-Factor Authentication’, the Ponemon Institute surveyed more than 1,800 IT and IT security practitioners around the world.
The research also revealed that 65% of respondents felt the traditional username and password approach was insecure. As a result, 90% of global IT managers say their organisations plan to adopt, or are considering adopting, SMS-enabled two-factor authentication (2FA) in 2014 in order to improve online security.
Influx of failed One-Time Passwords
The majority of international respondents (31%) said that, on average, 11-20% of OTPs fail to be delivered. Of those, almost 50% on average fail because an invalid mobile number was entered by the end-user. As well as end-users providing invalid mobile numbers, OTPs can also fail due to technical error if companies choose to deploy cheap SMS solutions which offer poor delivery rates.
To combat these technical difficulties, 66% of respondents said they would be interested in verifying where end-users are located and checking in real time that their mobile number is valid. The research confirmed that currently only 4% of respondents verify mobile numbers before sending OTPs.
In addition, 55% of all those surveyed considered SMS-enabled two-factor authentication to be more secure than other 2FA methods, and 71% of respondents prefer SMS-enabled 2FA because it’s an easy solution for their end-users.
Solution: mobile number verification
Thorsten Trapp, Co-Founder and CTO for tyntec, comments: “To service providers looking to increase security for their users, the ability to pre-verify mobile numbers is essential. In addition to accruing costs in messaging fees, invalid mobile numbers also result in unauthenticated One-Time Passwords, un-activated accounts and un-met expectations on behalf of both the sender and end-user.
Companies therefore need to ensure that the balance between cost and reliability is optimised right from the beginning. By performing a validity check of the mobile numbers provided in real-time, companies can instantly notify users. As a result, service providers can improve customer satisfaction with fewer complaints, reduced customer support costs and higher conversion rates.”