Two-factor authentication, or 2FA, adds a layer of protection to the account verification process. It requires users to prove themselves in two different ways before gaining access to their account. The security protocol comes standard with Google products and services, and about 80 percent of banks and finance companies in the U.S. use some form of it, as well. Should your business, too?
Making the Case for Two-Factor Authentication
Data breaches jumped 29 percent in the first half of 2017, according to a report from the Identify Theft Resource Center.
Headlines tend to belong to the big companies (like Equifax, Yahoo, Verizon and Deloitte), but they are not the only companies being targeted. Of all targeted attacks, 31 percent are aimed at businesses with fewer than 250 employees, says the 2017 Symantec Internet Security Threat Report.
Weak or stolen user credentials are hackers’ weapon of choice, used in 95 percent of all web application attacks. Unfortunately, “123456” and “password” are the two most common passwords leaked by hackers, according to an annual list compiled by SplashData. Add to that the fact that password theft is constantly evolving as hackers employ methods like keylogging, phishing and pharming, and you can see how important 2FA becomes.
Cyber criminals do more than merely steal data. Often, they destroy data, change programs or services, or use servers to transmit propaganda, spam or malicious code. 2FA protects your sensitive data and information from malicious activities, and it ensures that a password alone is not enough for an attacker or intruder to compromise digital assets.
Different Options for Two-Factor Authentication
When the gas pump prompts you for your billing zip code, that’s 2FA in action. Same with accessing your account from an ATM. In both cases, the first factor is the card itself; the second is a piece of information that only the authorized user of the card should know. Other options include security questions and one-time unique verification codes sent to either SMS, email or served up on authenticator apps (such as with Google Authenticator). Here’s a great primer of 2FA options from the Electronic Frontier Foundation.
Getting up to Speed on Two-Factor Authentication
Bryan Vaden, chief technology officer at XMI, says there are multiple ways to enable 2FA, so you’ll want to understand your software access requirements. When adding 2FA to XMI’s employee VPN and remote desktop services, Vaden used the free Google Authenticator app. There are many other private services that can be purchased as well.
When implementing 2FA, Vaden says it’s important to communicate and train employees on new security protocols. This will help increase buy-in, not to mention cut down on calls to the help desk.
If you need help implementing 2FA in your organization or evaluating the best 2FA protocols, please get in touch. Call 615-248-9255 or fill out our online form.