Two-factor authentication & ecommerce: Should you tighten up your brand’s security?
Two-factor authentication – extremely important, or unnecessarily complicated? That’s the question we’re going to delve into today.
The standard username and password combination has been the default log-in process since the web was born – and, consequently, it’s a combination that’s become increasingly easy to crack. And with more online channels popping up every day, we’ve accumulated hundreds of passwords – giving hackers more accounts and more opportunities to steal your data.
As we get savvier to the risks associated with data breaches, extra security measures – such as two or even three-factor authentication – are becoming more popular. But is this just something for banks and payment platforms to worry about, or do ecommerce platforms need to take note?
First off, let’s take a closer look at what two-factor authentication is.
What is two-factor authentication?
Two-factor authentication (2FA), often called dual-factor authentication or two-step verification, adds an extra layer of security to your online platforms. Instead of simply inputting your username and password, a two-factor authentication process requires additional information, such as a fingerprint, an answer to a security question or a code that’s been texted to you.
Sometimes, as with online banking and certain payment gateways, you’re required to set up a two-step verification as part of your account registration. Other times, like with email and social media platforms, two-factor authentication is offered as an optional add-on to the verification process.
Why is it important?
Despite the numerous horror stories about innocent internet users suffering from data hacks and identity theft, most of us are extremely lax with our passwords. Over two-thirds of people use the same password for everything, and 37% have to request a password reset at least once a month. This means that most internet users are leaving themselves extremely vulnerable to breaches, which can result in stolen sensitive information, identity fraud and even costly ransoms.
Although setting up a unique, secure password is a good way of slowing down hackers, it’s not infallible. 90% of passwords can be cracked in under six hours, and sophisticated cyber-hacking software can test billions of password combinations a second. To truly guard against hackers, you need more armour.
Two-factor authentication adds an extra, harder-to-penetrate level of security between hackers and your data. It’s like double-bolting your front door or positioning a security guard outside your house. While 2FA is by no means bulletproof, it does make your accounts twice as hard to break into. According to a study by the cybersecurity company Symantec, 80% of data breaches could be prevented by two-factor authentication.
How does 2FA impact ecommerce brands?
Although plenty of social media, email and financial platforms have started adopting multi-factor authentication, ecommerce brands are often far more hesitant to make the switch. While it’s a great way to better protect your customers’ data, it also creates an additional barrier to purchase. By making the sign-in or checkout process more complex, you could end up harming your conversion rate.
But while dual-verification isn’t necessarily essential for the front-end of your site, it’s an important thing to consider for internal use. If numerous employees across multiple locations have access to your ecommerce or financial platform, it’s essential to have a robust authentication process in place to keep both your customers’ and your company’s data safe.
However, enabling 2FA for your internal systems can cause some operational hiccups, so it’s important to have the right processes in place. For example, if your two-factor authentication requires an automated phone call with a verification code – as with NetSuite – and your whole team is using one account, consider creating a dedicated communications channel for sharing these codes.
Setting up two-step verification is much easier if everyone in the team has their own account on your various platforms – but this can get extremely expensive, as platforms often have a limit on how many staff accounts you can have.
How does it affect your integration?
Another thing to consider before setting up two-factor authentication is how it’ll affect your company’s infrastructure. Some companies’ IT ecosystems aren’t designed to factor two-step verification into the data flow, which can cause the integration to stop working altogether – resulting in issues with customer service, performance and fulfilment.
With an increasing number of ecommerce and ERP systems requiring 2FA, we’ve structured the Patchworks integration platform to support more complex verification processes.
The cost of not using 2FA
Although it might seem like a faff, the cost of not using a secure verification process for your company’s systems can be a lot greater than the time spent putting it in place. Think of the chaos and the reputation damage caused by the iCloud celebrity photo leaks, or when users of the pro-adultery dating site Ashley Madison were exposed online. Aside from irreparable damage to your brand, lost data is an expensive mistake to make.
Not sure how setting up 2FA will impact your integration? Get in touch today – we’re more than happy to help.