The Importance of Two-Factor Authentication
With security breaches, digital crime and internet fraud on the rise, the importance of safeguarding your information has never been greater. Most of the recent breaches have been password related, including the highly talked about celebrity iCloud photo leak, the password security breach for DropBox, and the United States Postal Service has even fallen victim. If big name companies, and celebrities can be targets of data breaches, what is to stop this from happening to you?
One way is to ensure the use of two-factor authentication (2FA), which requires two steps in the verification process, making the act of stealing your information twice as difficult. The basic requirement principles of 2FA involve three different forms to identify and authenticate; these are something you know, something you have, and something you are. Something you know could be a username and password, something you have is a possession, and something you are could be facial recognition, a fingerprint or an eye scan.
More Common Than You Think
Most individuals may not realize that using the ATM or online banking requires two-factor authentication. The ATM demands the PIN that you know and the ATM card that you have. Online banking asks for a username and password, and then usually proceeds in wanting a verification code that is sent through either email or text.
There are a couple of challenges that businesses have faced when implementing 2FA. Some companies do not possess the infrastructure to support it, causing the initial process to become a little more involved when acquiring the necessary infrastructure. It is also difficult to gain, within the company, the expertise of someone who truly knows how to setup 2FA, understands the security component, and makes sure it is working properly.
The biggest issue, however, is getting the employees, or end users, to understand why 2FA is important. This cultural change can mean the difference between it running smoothly, and a total lack of valuing the benefits. With no perceived value, usually follows the failure of the process. One company that has handled this very well is Cook Security Group of Portland. They have established 2FA for every one of their employees that needs access to the company’s sensitive data systems. The authentication system requires a username and password, and then prompts the user for a verification code that is sent from the system to the user’s cellphone; all are phones were provided from the company directly.
What Happens if They Lose the Cellphone?
This is a major concern for companies that have their employees accessing sensitive information on a mobile device. With 2FA this is no longer a problem; there are safeguards in place to make it easy to address this issue in a timely manner by having the capabilities to remotely wipe the device and reset it to factory, or disabling the user account and active directory, or disabling the authentication in the two-factor system itself.
Is it a Huge Time Suck?
As technology grows, the quicker and easier two-factor authentication can be implemented. Many vendors take as little as two seconds to transfer the verification code to the cellphone needed. If 2FA is setup properly, the verification is only a one-time thing that will take approximately ten minutes out of one day.
Make it harder for identity theft and phishing via email to happen to you; require those criminals to gain more information than just your username and password. Privacy is becoming more and more of an issue as technology grows, and by not taking the time to do this simple, ten minute process puts you and your information at risk.
Posted By: Alfonso Powers, Director of IT Projects