Hackers Love Companies that Don't Use Multifactor Authentication

David Vergara, August 7, 2018

It’s remarkable just how many significant security breaches could have been prevented if only multifactor authentication technology had been deployed.

A lack of strong authentication is the reason behind the recent breach of the popular mobile app Timehop, which lets users see social media posts from the same date in previous years. The breach exposed the credentials, phone numbers and social media histories of more than 21 million users. What’s worse is there’s a considerable length of time that the hacker’s presence went undetected, making this application’s user identities ripe for theft.

Here’s what happened. A Timehop employee’s credentials were leaked, which gave a hacker access to their system. The use of strong authentication, multifactor authentication in particular, would have required the hacker provide a second form of authentication beyond a username and password. A failure of the secondary authentication would have stopped the hacker cold.

Multi-factor Authentication

Multi-factor Authentication

OneSpan’s comprehensive suite of hardware and software authentication solutions ensure the right security for each use case.

Show Me MFA Options

As mentioned on Payments Source, IBM Security issued a report earlier in July that revealed the high cost and impact associated with serious data breaches, much like the one at Timehop. The report suggests the average cost of a data breach globally is slightly less than $4 million (it’s nearly $8 million in the U.S.), but damages can extend into the hundreds of millions of dollars. Estimates say a breach of 50 million records or more can cost as much as $350 million in damages. Timehop was 21 million; imagine what a small investment in MFA technology could have saved them.

Identity Exposure form Breaches

Making Multifactor Authentication a Business Priority

Still haven’t deployed strong security in the form of multifactor authentication? It’s high time to get started by choosing a solution that’s right for your organization and your end users. Multifactor authentication is a must along with complementary technologies like single sign-on, user directories and other systems that allow for strong authentication and protect social media, email communications and business-critical applications.

It’s easy to point the finger at a company’s IT department and say, "Why didn’t we have this stronger security?" As mentioned on Payments Source, the answer is sometimes simple — companies are confused about which technology to use, these tools were never intended to be used together, and integration can become expensive and cumbersome. Today, the right level of security requires additional technologies to keep up with the emerging threat vectors. All of this points to the urgent need for businesses to implement multi-factor authentication and a risk-based approach to access management.

The IBM Security report also found that one major factor impacting the cost of a data breach in the U.S. was the reported cost of lost business, which was $4.2 million, more than the total average cost of a breach globally, and more than double the amount of "lost business costs" of any other region surveyed.

Make adding an MFA solution a priority. Your customers’ experience, brand reputation and bottom line depend on it.

This article, authored by David Vergara, Director of Product Marketing at OneSpan, first appeared July 24, 2018 on Payments Source.


David Vergara is Director of Security Product Marketing at OneSpan and has over 10 years of experience in the software security space. Prior to OneSpan, he was VP Marketing for Accertify leading go-to-market strategy for their online fraud detection solution.