Having access to the right data is like sitting on a gold mine. The expression is almost starting to get worn out but that doesn’t make it any less true. Now if you owned a gold mine, would you lock it with a simple padlock and then leave the key under the doormat? That is essentially what many companies are doing with their data. Adding two-factor authentication can turn your data padlock into a vault.
Most passwords are too simple, a child’s name and birthday, and even the complex ones are easily hacked. Combine this with the regular company e-mail username and you have your data padlock. By now you don’t need any advanced skills to hack a password, especially if the email address is already known. Modern tools let the hacker test billions of passwords every second and those tools are only a couple of Google searches away.
What is two-factor authentication?
Two-factor authentication is also commonly referred to as 2FA or sometimes multifactor authentication and it basically adds an additional layer of verification. As a comparison, the old standard username and password login could be called a one-factor authentication. With 2FA you will first have to enter your username and password. That’s the first factor, then an additional piece of information needs to be provided in order to verify your identity.
Two-factor authentication is specifically designed to be very hard for cybercriminals to get ahold of. It’s not just a second password or a security question like the old “what was the name of your first pet?”. The whole point is that the second piece of information requires something unique for the user to access the information. For example their fingerprint or phone number.
Different types of two-factor authentication
As previously mentioned there are several different methods of verifying your identity by 2FA. Your company can therefore choose the one best suited for their workforce.
- Text message verification – When logging in the user receives a text message with a code to enter as a second means of verification.
- Authenticator applications – Download an app, for example Google Authenticator, which is then linked to your account. It then generates temporary codes that are usable for a limited time. Other applications have a simple popup with a Yes / No option when a login is attempted.
- Hardware tokens – A separate small device that will generate a passcode at the push of a button. Extremely secure as long as the device is not misplaced.
- Email – When logging in the worker will get an email prompting them to certify their identity by pressing a link or inputting a password. This will often require a separate email address, especially if the email address is also used as a username.
- Voice call – This method is fairly uncommon. The user will get a phone call where a text-to-speech bot will give the passcode.
Every company should consider 2FA
Two-factor authentication greatly reduces the risk of cyberattacks being successful. This has the potential to save massive amounts of money. Hackers could lock you out and hold your entire system hostage. The number of cyberattacks is growing and so is the work-from-home trend. Employees working from unsecured wifi-networks poses an increasing risk. 2FA will provide the security layer that is needed for sketchy café wifi. It also greatly reduces the threat of phishing emails, one compromised device will not make the two-factor authentication vulnerable.
If a password is compromised a 2FA system will also notify you of this. If someone attempts to log in and the 2FA passcode is not entered correctly you will immediately get a warning. An email will alert you and prompt you to change the compromised passwords.
There is an added benefit for your IT department as well. About 30-40% of the calls answered by the average IT department are related to resetting passwords. Two-factor authentication will provide a secure way for the workers to reset their own passwords.