The importance of 2FA: why the biometric authentication is preferable to the SMS one
Feb. 22, 2024
The article was updated on 18.09.2024
Did you know that Genome offers one of the quickest and most secure authentication methods for your log-ins – biometric authentication?
To enable biometric authentication, you just need to:
- Log into the Genome app;
- Press the profile icon in the upper-left corner;
- Select the Security tab;
- Switch on the Sign in with biometric authentication button and follow further instructions.
If you don’t have the Genome app, don’t worry. You can easily download it for free for your iOS or Android-based device, giving you instant access to its powerful security features.
You might wonder – what is the big deal about additional authentication steps when managing finances online? Unfortunately, even with multiple advanced security solutions, the internet remains a place where fraudulent scams and crimes occur en masse.
Just look at IBM’s Data Breach Report for 2022, which surveyed over 550 organizations that faced data breaches. The report revealed that 83% of organizations experienced more than one data breach during 2022. And according to their report for 2023, this number increased to a whopping 95%.
The most disturbing discovery is that companies’ security teams detected only one-third of studied breaches, while the criminals themselves disclosed 27% of them. For 2023, the global average data breach cost was a record $4.45 million.
That means many businesses discover the data breach too late and suffer devastating financial and reputational losses. Meanwhile, clients using accounts to access companies’ services know nothing about the breach. As a result, their passwords end up in the scammer’s hands and will subsequently be used to steal their money and data.
The situation has gone beyond the regular “weak customer password,” and today, financial self-awareness is a must. That is why we highly recommend upgrading your financial security. For one, you need to use two-factor authentication whenever possible.
What is two-factor authentication?
Two-factor authentication (2FA), also known as multi-factor authentication (MFA), is a security process that requires users to provide two different methods for authentication when they log into their accounts or perform any other actions that require additional confirmation.
The goal of 2FA is to add an extra layer of security beyond just a password, making it more difficult for scammers to access your accounts or obtain sensitive information.
The factors used in two-factor authentication typically fall into three categories for determining the authenticity of a user:
- The knowledge factor is usually a PIN code, secret word, or any number that serves as a password for a customer.
- The possession factor involves something physical that the user possesses, such as a personal mobile device, which a person can use to confirm the 2FA request. For instance, receiving a one-time password via SMS or email is a possession factor verification.
- The inherence (biometric) factor involves biometric authentication, using unique biological traits like fingerprints, retinal scans, or facial recognition.
To authenticate successfully, a user must first confirm their password and then use one of the listed 2FA methods.
The importance of multi-factor authentication is hard to overstate:
- It acts as a safety cushion in case your account password is not strong enough or it, unfortunately, has been leaked as a result of a data breach;
- It creates an additional barrier for fraudsters, as they need to have access to your phone/email/biometric data to pass the MFA.
In 2019, Google conducted research using their clients’ experience. It appeared that 100% of automated bots, 99% of bulk phishing attacks, and 90% of targeted attacks were avoided thanks to the company’s notification-based on-device prompts. The research showed that such a method was more secure than SMS codes and secondary email addresses.
Overall, the implementation of 2FA among individuals grows each year. The statistics gathered in the Duo Labs Report showed that in 2021, 79% of respondents from the US and UK used multi-factor authentication compared to 28% in 2017 and 53% in 2019.
While the numbers sound encouraging, people are not as consistent with their security as it seems. According to the same research, only 32.4% of people used 2FA on all apps and websites. Most (37.9%) prefer enabling two-factor authentication only for their selected apps.
SMS vs. biometric authentication: which is more secure?
When you think about multi-factor authentication, the first thing that comes to mind is likely an SMS verification. And no wonder. In 2021, it was the most widely used authentication option (85.2%).
Most users are familiar with receiving and entering codes sent via SMS, making the process intuitive and straightforward.
And it is much easier to implement from a service provider’s perspective. For now, it is a more common method than biometric authentication.
But even today, companies would rather use alternatives to mobile SMS authentication due to its weak points. SMS can be intercepted or redirected, exposing users to phishing attacks where attackers attempt to trick individuals into revealing their authentication codes. Also, a lost phone, a SIM swap, or malware could lead to the same result.
Meanwhile, biometric authentication, such as the use of fingerprint scanners or facial recognition, offers a significantly higher level of security since it is inherently tied to an individual and is impossible or at least very difficult to replicate.
Unlike any other method, biometric authentication doesn’t rely on your mobile number or phone device. It also doesn’t face technical issues caused by mobile operators’ discrepancies, such as service disruptions, weak phone signals, etc. However, not many financial companies provide such a service because it requires specialized software.
The benefits of biometric authentication compared to SMS authentication:
- Biometric authentication is more secure, as it is much harder to replicate. Meanwhile, SMS can be used for sophisticated phishing and pharming attacks, during which the message is faked or redirected.
- Your biometric data is unique and extremely hard to steal, while malicious actors can see and steal SMS passcodes.
- Biometric authentication is easier to use – just press your finger onto the screen, scan your face, or use a fingerprint sensor on the front/side/back of your phone. With SMS, you need to receive the passcode first and then enter it in the app.
- Biometric authentication can be more reliable from a technical standpoint, as sometimes SMS passcodes don’t arrive on time due to a faulty connection or other issues.