Study Highlights One-Time Password Failures

The vast majority (68 percent) of North American organisations agree there’s a need for authentication methods more secure than the traditional username and password, while also reporting significant problems with the one-time password (OTP) methods many are putting into place, according to a report by the Ponemon Institute sponsored by mobile interaction service provider Tyntec.

According to the survey, 29 percent of respondents in North America say that, on average, 11-20 percent of OTPs fail to be delivered. Of those, 48 percent on average fail because an invalid mobile number was entered by the user.

OTP issues

“Enterprises and Internet companies know that the traditional username and password is simply not enough anymore. However, companies deploying SMS-enabled two-factor authentication need to ensure that OTPs aren’t being sent to invalid mobile numbers,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. “As a result, the research confirmed that 67 percent of global respondents said customer experience improves when SMS-based, two-factor authentication is combined with real-time verification of the receiver’s mobile number.”

The emerging verification method of choice is SMS-based 2FA due to its user-friendliness, cost effectiveness and high level of security, Ponemon found. The report found that companies implementing SMS-based 2FA use the method mainly for identity verification in user registration (43 percent), each login (38 percent) and transactions (33 percent).

As part of the authentication process, users who opt in for SMS-based 2FA are required to share their mobile number with application providers to receive a unique OTP sent through SMS to authenticate their identity. The OTP contained in the SMS must be entered and authenticated to successfully complete the transaction, registration or download process.

The report noted that unauthenticated OTPs translate into inactivated accounts, incomplete transactions and, ultimately, a poor customer experience.

“To service providers looking to increase security for their users, the ability to preverify mobile numbers is essential. In addition to accruing costs in messaging fees, invalid mobile numbers also result in unauthenticated One-Time Passwords, unactivated accounts and unmet expectations on behalf of both the sender and end-user,” Thorsten Trapp, co-founder and CTO of Tyntec, said in a statement.

Validity check

However, even in the face of gaping discrepancies, 29 percent of North American respondents are still unaware that SMS-based OTPs sometimes don’t get delivered, while 30 percent are aware of the issue but are unsure of the reasons why OTPs fail to reach the user.

“Companies therefore need to ensure that they strike a balance between cost and reliability from the beginning. By performing a validity check of the mobile numbers provided in real-time, companies can instantly notify users of the mistake and allow access to vital services that they’ve requested or subscribed to,” Trapp continued. “As a result, service providers can improve customer satisfaction with fewer complaints, reduced customer support costs and higher conversion rates.”

Originally published on eWeek.

Nathan Eddy

Nathan Eddy is a contributor to eWeek and TechWeekEurope, covering cloud and BYOD
