Two factors are better than one when it comes to security

Jan 25, 2024

Before discussing 'what is two-factor authentication,' let's consider the reasons why it's important to enhance your online account security. 

Online account security is more important than ever

With so much of our lives happening on laptops and mobile devices, it’s no wonder our digital accounts have become a magnet for criminals. According to Price Waterhouse Coopers (PWC), since 2014 malicious attacks against companies have been the world’s economic crime and the numbers continue to rise. It’s no exaggeration to say that cybersecurity attacks are becoming more usual, more sophisticated, more difficult to spot, and expensive to recover from.

For businesses, the effects of a targeted hack can be devastating. Global companies, small and medium-sized businesses can suffer from severe financial and reputational losses. A recent study revealed that in 2016 over $16 billion was taken from 15.4 million consumers. Even more incredibly, thieves stole over $107 billion in the past six years.

Why aren't passwords good enough?

The days of trusting passwords alone are over. Unfortunately, passwords are not as secure as they used to be. Hackers are now taking advantage of many powerful solutions designed to force their way into accounts by using software to rapidly reveal thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? 

Luckily, it’s easy to add an extra level of protection to user accounts. A good start is by taking a close look at password best practices and two-factor authentication.

So, what is 2FA? 

Two-factor authentication is an extra layer of security for your business, which can help you address the vulnerabilities of a standard password-only approach. 2FA is a method of establishing access to an account or a system that asks the user to provide more than one type of information. 

A factor in this context simply means a way to convince a computer system or online service that you are who you say you are, so the system can determine if you have the rights to access the data services that you’re trying to access. The most frequently used authentication factor is the username/password pair, and since most accounts only require a password for access, most systems thus use one-factor authentication for safety. With 2FA, you’ll have to provide a password and prove your identity to gain access.

How does 2FA work? 

Two-factor authentication works by using a device or email account as a secondary credential for accessing an account or a network. Firstly, a user will enter their username and a password. Then, the user will be asked to provide another piece of information. This second factor could come from one of the following categories:

  • Something you know (e.g. a PIN, a password, provide an answer to 'secret questions')
  • Something you have (e.g. a small hardware token)
  • Something you are (e.g. a biometric pattern of a fingerprint)

 

What are the benefits of using 2FA?

With 2FA, a potential compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, the chances of someone else having your second-factor information is highly unlikely. Looking at it from another angle, if a consumer uses 2FA correctly, websites and apps can be more confident of the user’s identity and unlock the account.

2FA can:

  • Protect you from being hacked. You will be notified in case somebody tries to log in to your account.
  • Avoid putting your company at risk.
  • Improve your online account safety.
  • Protect from the loss of personal data for your users.
  • Protect your company-owned applications.
  • Protect your shared documents.

 

As they are constantly changed, dynamically generated passcodes are safer to use than fixed (static) log-in information. Depending on the solution, passcodes that have been used are automatically replaced to ensure that a valid code is always available; transmission/reception problems do not, therefore, prevent logins.

Why use two-factor authentication?

One of the primary reasons is that widespread major data breaches, which have put millions of email address/password pairs up for sale on the dark web, have made many passwords less secure. Most people reuse passwords across various sites and/or accounts; a hacker can plug in new email address/password pairs into dozens of sites and see which of them provides access. Verizon’s 2017 Data Breach Investigations Report found that 81% of account breaches could be attributed to passwords that were either leaked in this way or passwords that were so weak that they were very easy to find.

Many sites use knowledge-based authentication — 'What’s your pet’s name?' or 'What was the name of your first school?' as a sort of backup to passwords. However, such questions are often posed above a password if a user is logging into a site from a new computer or a new network connection, for instance. Still, there are weaknesses here: for instance, with so much personal information publicly available for those who know where to look, a determined hacker could easily find out the answers to these questions. But more importantly, these techniques don’t represent an actual second security factor, and therefore can’t provide the security of two-factor authentication.

Do I need 2FA? 

The answer is quite simple: Two-factor Authentication solutions should be used by businesses of all sizes – seeking to keep confidential data and their digital lives secure.

Security experts and service providers recommend enabling 2FA wherever possible (email accounts, social media applications, cloud storage services, financial services).

Unfortunately, stolen, reused, and weak passwords remain the main causes of security breaches. The good news is that cybercrime is in the news so much that 2FA awareness is rapidly growing and users are demanding that the companies they do business with have improved security.

Enabling two-factor authentication for all your accounts can be a daunting process. If your business needs to protect sensitive data, two-factor authentication is one line of defense you will need. 

Contact us today to find out how we can help your business improve its data security here