Is the internet getting safer?

18 May 18

Article by Simon Thorpe, director of product, Twilio.

Connecting our human selves to our digital identities is hard. How does your bank know it’s really you behind the browser opening a new account?

How does Facebook know the person logging in from a computer in Turkey is you on holiday, and not a cybercriminal?

We’ve been relying on online usernames and passwords to make the connection between people and their online identities for years.

However, with the constant barrage of websites being hacked, and data being stolen, it’s clear that relying on this method is no longer enough to protect our information online.

Together with npm, the world’s largest software registry, we have combined data from the past 24 months to look at what security trends are emerging amongst application developers.

But to understand the trends we see in this data, we first have to understand the breaches taking place, and the level of awareness users have about online security.

Breaches galore

Online data breaches have come to be a regular occurrence.

They range from iCloud celebrity photo leaks and classified government data being exposed to the public, to personal data lost from enormous credit company Equifax, not to mention Facebook’s recent problems.

There is no doubt that there has been a massive increase in the number of breaches over the past two years.

According to Troy Hunt, Information Security Author & Instructor at Pluralsight, Microsoft regional director and founder of Have I Been Pwned, there were 2.9 million globally exposed user records due to data breaches over the past 24 months.

Locally, Australia certainly isn’t immune to the cyber threats.

The Australian Defence Force had data leaked, resulting in the loss of 30GB of “commercially sensitive” information. This included documents detailing classified projects and blueprints for planes and Australian navy ships, which were leaked to the general public.

Consumers are doing something about it

Perhaps the most reliable method for consumers to secure their data is through two-factor authentication (2FA), which typically involves a one-time passcode being sent via SMS to confirm your login.

This method is over 30 years old and is often seen as awkward, requiring a user to re-type a code sent to their phone. Push authentication has recently emerged as a much better way to authenticate users to their online accounts, by using apps on your smartphone to ask for an Approval or Denial of the request to access your account.

Having ownership of the device receiving the message ensures that hackers with your username and password now need to get your device as well before emptying your bank account, for example.

According to Google Trends, there has been a steady increase in the general population’s interest in 2FA, with searches more than tripling in the last two years.

However, there is still a long way to go. A quick look at the website Two Factor Auth shows that only 50% of 1,000 popular websites offer any form of 2FA.

What this shows is that while consumers are becoming more aware of this practice, businesses need to be doing more to activate it and make it available to their customers.

After looking at our 2FA API, we tracked the trends for how our customers' users are enabling and using 2FA. Over the past 24 months, we saw a 538% increase in users logging in with 2FA-enabled accounts.

Developers are taking action

It’s pretty obvious that hackers are successfully exposing user data.

This has pushed developers to look for ways to improve the security of their apps. npm analysed the metadata of every security package on the Registry - a publicly-searchable collection of over 600,000 modules of reusable JavaScript code accessed by over 12 million developers per week - and uncovered some dramatic trends.

Downloads of the most popular security packages on the Registry have increased by 548% since January 2016 and popular packages for supporting 2FA have also grown in popularity, seeing a 320% increase in downloads over the last 24 months.

The massive increase in downloads of security tools highlights a growing pressure on developers to update their applications with better security. The whopping 320% increase in downloads of 2FA packages illustrates just how rapidly it is becoming a security standard across applications and industries.

Progress is being made

The conclusion that can be drawn from all this data is that, from an application perspective, data breaches are not slowing down, which is leading developers and consumers to look to the open-source community for solutions.

While data breaches are likely to continue, tools like 2FA give both developers and consumers the ability to secure their data.

But, is the internet getting any safer?

Enabling 2FA definitely ensures user accounts are a lot more secure than when protected just by passwords, and evidence shows its usage is significantly increasing - a sign that our online accounts are being better protected.

2FA is one of the best ways to protect online accounts against a takeover but it needs to become mainstream.

If applications adopt modern methods such as push authentication, not only will it improve the user experience, but it will also incline developers to make 2FA mandatory, therefore making strong security a default for all our online accounts.