Are you using two factor authentication? Are you using it for every website and account that offers it? If you haven’t answered “yes” to both questions, you should probably reconsider your security. If you answered “what’s two factor authentication,” we need to talk.
What is Two Factor Authentication?
Two factor authentication (2FA) is a process wherein two separate credentials are provided to log into an account or system for enhanced security. Two factor authentication can also be called two step or dual factor, and it falls under the umbrella of multifactor authentication (MFA) –which is the same process that requires two or more pieces of identification.
How Does Two Factor Authentication Work?
Two factor authentication most commonly asks of you something you have and something you know. Something you know could be a password or PIN. Something you have could be an ID badge or your cell phone. One of the most well known uses of two factor 2FA is at the bank: Withdrawing from an ATM requires your bank card (something you have) and your PIN (something you know).
The “what you have” part of the exchange once commonly depended on tokens, or small keychain fobs with a screen displaying a multi-digit number that changes periodically. The number on the fob syncs with a server and is typically designed to protect corporate accounts (or, interestingly, high profile video game accounts). With a token, a user logs on with their username and password like normal and then enters the number that appears on the fob when prompted.
Physical tokens like this are less common now with the ubiquity of smartphones. Apps like Google Authenticator take the place of physical tokens, though working in very much the same way.
In lieu of a dedicated app, an account can send a one time code through text messaging (SMS), email or even by phone, if you have registered this information with the account. If your Facebook or Amazon account has ever texted you a code to verify your identity, you’ve enjoyed the security of two factor authentication. It is an increasingly common feature of most popular websites.
A third factor, called an inherent factor, is biometrics. This is like using your fingerprint or your face to unlock your phone. Your voice or your iris are other biometric inherent factors. Other, less common and more restricting factors, include factors such as location and time.
Why is Two Factor Authentication Important?
Passwords, even strong and lengthy passwords, are becoming a low hurdle for cyber criminals. And, the unfortunate truth is, the most common passwords are generally neither strong nor lengthy. In fact, the UK’s National Cyber Security Centre culled through passwords from past breaches and found that more than 23 million people use 123456 as their password. An additional 7 million use 123456789. That’s more than 30 million people using an objectively terrible password.
Managing passwords is a unique and modern challenge. Which is not to let anyone off the hook –you should be using strong, unique passwords for every account. Combined with a strong password, two factor is a nearly impenetrable wall to your data. Alex Weinert of Microsoft says, “Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.”
2FA is important your important in your daily life, but it is absolutely vital to your business. If you wouldn’t anyone skulking around in your Twitter account, why should you invite disaster in your business accounts by using only a password? Two factor authentication is a MUST in business.
We advocate strongly for 2FA here at I-M Technology because our clients’ security is paramount. Our own systems use a variety security measures to not only secure our information, but also the information of the companies we work with.
Are you a business owner in southern New England and in need of a cybersecurity consultation?
Fill out this form below to sign up for a FREE assessment from I-M Technology. We're experienced in keeping businesses secure.
