A deeper issue uncovered by the Impermium survey that could affect any online authentication scheme going forward is trust. In addition to not trusting online sites with their cell phone numbers, 39% of the participants in the poll blame websites for account compromises.
"Four out 10 people are saying we don't trust people doing things the right way from a back-end systems standpoint," Phil Dunkelberger, CEO of Nok Nok Labs, said in an interview.
Meanwhile, another 37% of the respondents tagged weak passwords and consumer gullibility as the primary cause of account breaches. "There's plenty of blame to go around," Dunkelberger said. "One area that can be blamed is the addiction to user names and passwords. They don't work for people, especially in mobile cases."
Moreover, consumers are becoming more skeptical of what online services are doing with their data, even when they say they need it for security reasons. "Users are beginning to push back against e-marketers and this, unfortunately, is a symptom of that," James Fenton, CSO of OneID, said in an interview.
Consumer attitudes toward trust and convenience will rapidly change as cyber criminals step up their game, contends Berk Veral, senior marketing manager for fraud action and cyber crime intelligence for RSA, the security division of EMC.
"It will reach a point, as consumers face sophisticated malware attacks, that giving up a mobile number to protect your email account isn't going to be an issue," Veral said in an interview. "It's going to be a no-brainer."
That can already be seen in one highly targeted area: mobile gaming. The makers of World of Warcraft have had "incredible success" converting users to 2FA, noted Richard Henderson, a researcher at Fortiguard Labs.
Not only is a free mobile app used for 2FA, but a paid hardware token is also offered. "In fact," Henderson said, "the paid hardware token has been very successful. People have shown a willingness to pay for that kind of solution."
Sign up for Computerworld eNewsletters.