Why Killing The Password Is The Next Billion Dollar Industry.
With the countless data-breaches and password leaks popping up, such as the recent leak of customer accounts on multiple video game networks.
It's becoming increasingly difficult to live a safe life online relying on the password, as even the most intricate password is useless if someone finds it and posts it online.
That's why the two-factor authentication industry has exploded. It means in its most literal form a second way in which you verify that it's you logging in, from a text message or phone call to a pop-up on a separate device. Even though it adds a layer of friction to signing up to and logging into services, which can stop a (lazy) user from wanting to log in, the result is a far tighter security package. As long as you have your phone, the other person won't be able to log in.
In other words, I think I proved my point: Even when I exposed my password in as public a fashion as possible, my account remained secure. Inadvertently, I also revealed an issue with Twitter's system that, should their engineers rectify it, will only make the system better.
Some companies complain that two-factor authentication interferes with the overall usability of the web experience. However, a collaborative academic report by the Internet Society--combining the work of PARC (Xerox's research/development arm), University College London and Indiana University found that two-factor is perceived as usable, based on the cognitive strain, ease-of-use and trustworthiness required by a user.
There's little or no reason beyond wanting to slow down the flow of getting more users, and it's even become ridiculously easy to integrate two-factor into any app. In October TeleSign, potentially using some of the aforementioned funds, created a Free SDK for building Two-Factor Authentication into any app. While Duo offers a similar SDK, TeleSign is apparently focusing on the ease-of-integration, one of the many reasons that some apps that could use a more security interface haven't integrated two-factor.
Even then, there're still issues with two-factor. The Unofficial Apple Weblog warned of the new functionality in the latest Mac OSX that forwards texts directly to your computer--so that if someone happened to be using your computer with your password, or had access to your iMessages, they could get your two-factor codes. This is similar to those who happened to use their web-accessible Google Voice number to have their texts received in a browser, or using Motorola Connect with a supported phone to receive text popups.