Even Many Tech Savvy People Not Using Two Factor Authentication Finds University

Even many tech-savvy people are failing to take advantage of the opportunity to use two-factor authentication for websites and apps, found an Indiana University study …

CNET reports that too many believe that strong passwords are enough.

A survey late last year found that more than half of Americans had never heard of 2FA, and fewer than one-third were using it.

For their research, they purposely sought out tech-savvy students on campus to make sure the result wasn’t affected by people who just didn’t understand what two-factor authentication is. They wanted participants who had more security and computer expertise than the average person.

What they found was that while these students understood technology, they didn’t understand why they needed to take this cybersecurity precaution.

“There was a tremendous sense of confidence,” Camp said. “We got a lot of, ‘My password is great. My password is plenty long enough.’”

A secondary issue Professor Camp raised is vulnerabilities in SMS-based 2FA.

Indeed, more than two years ago the US National Institute for Standards and Technology, which sets the standards for authentication software, says that the use of text messaging for two-factor authentication will in future be barred.

“We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” Christopher Slowe, Reddit’s chief technology officer, said in a post.

Apple makes it particularly easy to use 2FA for Apple ID login: you can have a code sent to any of your trusted devices. If you don’t already have this set up, we strongly advise doing so.