Skip to content

Hackers Love Companies That Don't Use Multi-Factor Authentication


It’s remarkable just how many significant security breaches could have been prevented if only multi-factor authentication technology had been deployed.

A lack of strong authentication is the reason behind the recent breach of the popular mobile app Timehop, which lets users see social media posts from the same date in previous years, exposed the credentials, phone numbers and social media histories of more than 21 million users. What’s worse is there’s a considerable length of time that the hacker’s presence went undetected, making this application’s user identities ripe for theft.

Here’s what happened. A Timehop employee’s credentials were leaked which gave a hacker access to their system. The use of strong authentication, multi-factor authentication in particular, would have required the hacker provide a second form of authentication beyond a username and password. A failure of the secondary authentication would have stopped the hacker cold.

Earlier in July, IBM Security issued a report that revealed the high cost and impact associated with serious data breaches, much like the one at Timehop. The report suggests the average cost of a data breach globally is slightly less than $4 million (it’s nearly $8 million in the U.S.), but damages can extend into the hundreds of millions of dollars. Estimates say a breach of 50 million records or more can cost as much as $350 million in damages. Timehop was 21 million; imagine what a small investment in MFA technology could have saved them?

Still haven’t deployed strong security in the form of multi-factor authentication? It’s high time to get started by choosing a solution that’s right for your organization and your end users. Multi-factor authentication is a must along with complementary technologies like single sign-on, user directories and other sites that allow for strong authentication and protect social media, email communications and business-critical applications.

It’s easy to point the finger at a company’s IT department and say, "Why didn’t we have this stronger security?" The answer is sometimes simple — companies are confused about which technology to use, these tools were never intended to be used together, and integration can become expensive and cumbersome. Today, the right level of security requires additional technologies to keep up with the emerging threat vectors. All of this points to the urgent need for businesses to implement multi-factor authentication and a risk-based approach to access management.

The IBM Security report also found that one major factor impacting the cost of a data breach in the U.S. was the reported cost of lost business, which was $4.2 million, more than the total average cost of a breach globally, and more than double the amount of "lost business costs" of any other region surveyed.

Make adding an MFA solution a priority. Your customers’ experience, brand reputation and bottom line depend on it.

This article was originally published on July 24, 2018 by David Vergara at