top of page
  • Jessica Barker

62% of people do not know what two-factor authentication is: our survey of 1000 people in the UK

We recently asked 1,000 members of the public in the United Kingdom about their attitudes and behaviours regarding two-factor authentication (2FA). Working in security, it's easy to be in a bubble over what makes good practice, what people should do and what they are doing. When it comes to staying safe online, there can be a big divide between the attitudes and behaviours of security professionals and the attitudes and behaviours of non-security professionals. Exploring how people outside of the security community feel and act when it comes to security measures is fundamental to our success, because these are the people we are often trying to communicate with, to influence and persuade. The start of cyber security awareness month seems like the perfect time to be exploring these issues.

Firstly, we asked 1,000 internet users whether they feel confident that they know what two-factor authentication is. When we're doing awareness-raising, whether internally for organisations or with members of the public, we often find that terms we take for granted in the security community have not been well communicated and explained to people outside the community. The survey results confirmed this, with 38% feeling confident that they know what 2FA is, but 62% answering that no, they were not confident they know what it is.



If the majority of people do not feel confident they know what two-factor authentication is, we can be pretty sure they are not enabling the feature on their internet accounts. If they use online banking they will be using 2FA then, and there will probably be other times they are sent a code by SMS to verify their identify online, but chances are they won't have opted in to use 2FA on their personal email or social media accounts, for example. Our survey results back this up. We asked people whether they were using 2FA where available and found that 26% were, 29% were not and 45% were unsure.



This seems like bad news, and it certainly shows how much work we have to do, particularly when it comes to our communication skills. However, there are signs of progress. I asked the same questions of 1,000 people in the UK in 2015. In that survey, I found that less people were confident they knew what 2FA was and less people were using it: only 28% knew what it was (compared to 38% in this survey) and only 19% were using it (compared to 26% this time). This suggests that we're going in the right direction, but slower than we might like. Helping us along the way are the companies that are taking an innovative approach to encouraging use of 2FA: this week, EA announced that they will give away a free month of Origin Access to players that turn on 2FA (or who already have it enabled). This follows in the footsteps of Mailchimp, who provide a 10% discount for three months when people enable 2FA. It would be great to see statistics that show whether these incentives drive more people to set up 2FA - if so, hopefully more companies will follow suit.

Talking of 2FA inevitably raises the issue of SIM swap attacks and whether recommending 2FA is still the right course of action. We believe that it is the right thing to recommend, that it is an extra layer of defense that might not be perfect, but is certainly better than relying on passwords alone. When we have such an amount of work to do communicating security tools and processes, and driving engagement with them, perfect is the enemy of good, or at least the enemy of better. Plenty of people will argue that we should be advising use of multi-factor authentication (MFA), not two-factor. However, when we still have so much work to do just to get people understanding and engaging with 2FA, is it really realistic to aim for MFA? Or, does the low engagement with 2FA actually represent an opportunity for us to "leap frog" a lot of people straight to MFA? I'd love to know your thoughts - as always, twitter is a great place for these kind of debates!

213 views

3 Comments


Jeffrey Glenn
Jeffrey Glenn
Oct 19, 2023

I appreciate Henry for making me realise the truth to a certified hacker who knows a lot about what he is doing. I strongly recommend you hire him because he’s the best out there and always delivers. I have referred over 10 people to him and all had positive results. He can help you hack into any devices, social networks including – Facebook, Hangout, iMessages, Twitter accounts, Snap chat , Instagram, Whatsapp, wechat, text messages ,smartphone cloning,tracking emails and also any other social media messenger or sites. It’s advisable to hire a professional hacker.Thank me later. Contact him here., Henryclarkethicalhacker@gmail.com and you can text, call and Whatsapp him on +1(201)4305865, or +1(219)7960574.....



Like

Agnes Lizzy
Agnes Lizzy
Oct 14, 2023

Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on,…

Like

Janet Lucy
Janet Lucy
Oct 12, 2023

I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, Henryclarkethicalhacker@gmail.com and you can text, call him on whatsapp…


Like
bottom of page