Heartbleed to accelerate adoption of two-factor authentication solutions

sincity · May 1, 2014

A security expert has said that the recent Heartbleed Bug fiasco will encourage more service providers to introduce two-factor authentication.

Speaking to TechRadar Pro at Infosec 2014, JD Sherry, VP of Technology and Solutions at Trend Micro, said that the Heartbleed aftermath will have similar consequences to when LinkedIn, DropBox and others introduced the stronger authentication method after being hacked in 2012.

He said: "A lot of Twitter accounts had been compromised because they weren't using two-factor authentication. Twitter quickly deployed it within eight weeks, and now more companies are going to do the same."

Sherry said that two-factor authentication would have protected people's account information stored on servers vulnerable to Heartbleed.

He added: "Even if your username and password is compromised from a server that's vulnerable to Heartbleed, if that server has two-factor authentication installed, the hacker would need your authenticator or token to be able to truly authenticate with that service."

Barrier to adoption?

According to Sherry, service providers (particularly emerging ones) may not be too keen on introducing two-factor authentication as it could prove a barrier to acquiring new users.

He said: "The problem is that people want service adoption on their platform and want to create a frictionless environment for people to get in and use their service.

"Two-factor authentication historically has been friction for getting a service onboard and getting users to adopt the platform, which is why they've been slow to adopt it. The more awareness around Twitter hacks, Heartbleed and on social media that there is, the more two-factor authentication is going to move from what has been best practice out of enterprises to the critical masses."