Why 50% of one-time passwords fail to arrive

On average almost 50% of One-Time Passwords(OTPs) fail to arrive due to invalid mobile numbers provided by end-users, reveals new global research by the Ponemon Institute, sponsored by mobile interaction service provider tyntec.

The ‘Unlocking the Security Potential: The Key to Effective Two-Factor Authentication’ research also revealed that 65% of respondents felt the traditional username and password approach was insecure. As a result, 90% of global IT managers say their organisations plan or consider the possibility to adopt SMS-enabled two-factor authentication (2FA) in 2014 in order to improve online security.

Influx of failed One-Time Passwords 
The majority of international respondents (31%) cited on average 11-20% is the amount of OTPs that fail to be delivered. Of that, almost 50% on average fail because an invalid mobile number was entered by the end-user. As well as end-users providing invalid mobile numbers, OTPs can also fail due to technical error if companies choose to deploy cheap SMS solutions which offer poor delivery rates.

To combat these technical difficulties, 66% of respondents said they would be interested in verifying where end-users are located and to check their mobile number is valid in real-time. The research confirmed that currently only 4% of respondents verify mobile numbers before sending OTPs.

In addition, 55% of all those surveyed, considered SMS-enabled two-factor authentication to be more secure than other 2FA methods. 71% of respondents prefer SMS-enabled 2FA because it’s an easy solution for their end users.

Solution: mobile number verification
Thorsten Trapp, Co-Founder and CTO for tyntec commented: “To service providers looking to increase security for their users, the ability to pre-verify mobile numbers is essential. In addition to accruing costs in messaging fees, invalid mobile numbers also result in unauthenticated One-Time Passwords, un-activated accounts and un-met expectations on behalf of both the sender and end-user. Companies therefore need to ensure that the balance between cost and reliability is optimized right from the beginning. By performing a validity check of the mobile numbers provided in real-time, companies can instantly notify users. As a result, service providers can improve customer satisfaction with fewer complaints, reduced customer support costs and higher conversion rates.”

Larry Ponemon, Chairman and Founder of the Ponemon Institute, added: “Enterprises and Internet companies know that the traditional username and password is simply not enough anymore. However, companies deploying SMS-enabled two-factor authentication need to ensure that one-time passwords aren’t being sent to invalid mobile numbers. As a result, the research confirmed that 67% of respondents said customer experience improves when SMS-enabled two-factor authentication is combined with real-time verification of the receiver’s mobile number.”