oauth2 - Twilio

IS THE INTERNET GETTING SAFER? Data breaches are rising at an alarming rate, and when personal data is lost, the recommendation is to enable two-factor authentication (2FA) on accounts. But this requires companies to provide 2FA in the first place. Analysis done by npm and Twilio found that developers are increasingly adding security to their applications and users are becoming more aware of 2FA. While data breaches are still common, there is a rapidly increasing set of tools for users and developers to protect themselves, and the quickest and most secure way to defend against hackers stealing your passwords is switching on 2FA for your account.

DATA BREACHES CONTINUE TO RISE Total breaches in the US doubled from 2015 to 2017, rising from 780 to 1,579.

2,889,920,099 USER RECORDS EXPOSED GLOBALLY IN THE LAST 24 MONTHS.

[Chart: breaches in 2016 and breaches in 2017 by sector (Business, Education, Government, Health, Finance), showing each sector's count and share of the year's total.]

Source: https://www.idtheftcenter.org

THE 5 LARGEST BREACHES OVER THE LAST 24 MONTHS

4/11/2016 • Office of Child Support Enforcement • 5,000,000 records lost
8/5/2016 • Banner Health • 3,623,140 records lost
3/21/2017 • America’s Joblink Alliance • 5,500,000 records lost
9/7/2017 • Equifax • 145,500,000 records lost
10/3/2017 • Sonic Drive-In • 5,000,000 records lost

CONSUMERS WANT TO LEARN ABOUT 2FA The quickest and most secure way of defending against hackers stealing your passwords is switching on 2FA for your account.

[Chart: Google search trends for keyword “2FA”, Jan '16 to Nov '17.]

TODAY LESS THAN 50% of popular websites offer 2FA.

156% increase in searches for 2FA in last 2 months.

THE AVERAGE PERSON HAS 26 PASSWORDS. It’s painful to change them all after a data breach.

DEVELOPERS ARE LOOKING FOR SOLUTIONS npm Registry search cloud reveals many authentication technologies are on the minds of developers.

[Word cloud: npm Registry search terms related to authentication.]

DEVELOPERS ARE INCREASINGLY DOWNLOADING SECURITY PACKAGES Developers are integrating more security, while 2FA is seeing a significant increase.

548% increase in downloads of most popular security packages since Jan 2016.

320% increase in popular 2FA packages over past 14 months.

Monthly security package downloads increased in 2016 by 51%, which rose further to 254% in 2017.

[Chart: top security packages downloaded per month, Jan '16 to Jul '17.]

USERS ARE SWITCHING ON 2FA

618% increase in users enabling 2FA from 2015 to 2017.

538% increase in 2FA protected logins in last 24 months.

USA is the top country, accounting for 65% of 2FA secured users.

[Chart: users enabling 2FA, Jan '16 to Jul '17.]

Distribution of platforms used for 2FA
ANDROID • 47%
iOS • 40%
BROWSER APP • 10%
WINDOWS • 2%
MAC OS • 1%

Top countries with users securing accounts with 2FA
U.S.A • 65.1%
BRAZIL • 4.5%
UNITED KINGDOM • 3.3%
INDONESIA • 1.5%
GERMANY • 1.4%
INDIA • 1.4%
VENEZUELA • 1.4%
RUSSIA • 1.2%
AUSTRALIA • 1.2%
OTHER • 18.9%

DEVELOPER TIPS What can you do to follow the trend and increase the security of your applications?

1. Review the OWASP Ten Most Critical Web Application Security Risks for 2017. http://bit.ly/toptenowasp
2. If you don’t offer 2FA to your users, search the npm repository for 2FA packages you can use. http://bit.ly/npmtfa
3. Consider using tools like the Node Security Platform (http://bit.ly/nodespcli) to continuously monitor security issues in your code base during the development cycle.

CONSUMER TIPS What can you do to improve your awareness and protection of your accounts online?

1. Sign up to haveibeenpwned.com to be alerted if your email is in a data breach.
2. Use twofactorauth.org to find if a website you use has 2FA.
3. Search https://authy.com/guides for your favorite websites and enable 2FA.
4. Visit https://authy.com/download to download Authy and manage your 2FA tokens.