Two-Factor Authentication Matters More Than Ever

Since 2016, cyber-attacks on SMBs have increased by 20%. The vast majority of businesses will experience a cyber attack — and most of them blame employee passwords. Whether employee passwords are being shared, are weak, or are otherwise compromised, passwords are often the weakest link. But this can be defeated through the use of two-factor authentication.

Two-factor authentication (2FA) requires two data points to log-in. Employees might need to both provide a password and an email address, or a password and a phone number, to get through. Even if someone has stolen someone's password, they can't get past two-factor authentication. 

Here are some reasons two-factor authentication remains critical today.

1. Computers are faster than ever.  It used to be that an eight-character password was pretty secure. As long as it wasn't a dictionary word, it would take a long time to "brute force." Brute forcing is when a computer program goes through every iteration of a potential password to determine what the password is. In 1982, that could take nine months. In 2020, it'll take a little more than three hours. Even a nine-character password takes a couple of months. And it's even faster if the password includes whole words. Unless you can rely upon your employees to have detailed passwords, you need to be concerned that they can be cracked.

2. Employees are logging in more frequently.  Employees are now logging in frequently on a multitude of devices. They are on their smartphones, tablets, desktops, and laptops. Every device is a potential method of intrusion. Passwords could be saved anywhere, keyloggers could be placed anywhere, and any device could potentially be lost. 

Because employees are logging into multiple devices and multiple platforms, there's also a greater tendency for them to store those passwords in text files, post-it notes, and other areas where they could easily be taken.

3. Users are increasingly using password protectors.   Password protection is a double-edged sword. On the one hand, users no longer need to remember their passwords, so they can have lengthy, detailed ones. They can even have them auto-generated. But if someone is already signed into their Google account, they can access nearly all their accounts. Unless there is a secondary security check or two-factor authentication check, users may have all their accounts breached after having a single account breached.

4. More people are working remotely.  Employers no longer have strict control over the devices their employees use. Employees will often be using a variety of devices to complete their work, and may use these devices in their personal life as well. Because of this, employers also can't ensure that people have the right security on their systems, or even that employees are locking their computers when they walk away.

Two-factor authentication makes it easier to secure any local or remote desktop gateway to privileged data, rather than the device itself. As more people work remotely, this will become increasingly important.

5. It's easier than before.  In the past, people were hesitant to use two-factor authentication because it was alien. Today, it's become such an industry standard that most people are used to it.
It sticks out not to have multi-factor authentication, and there are many platforms that already have embedded multi-factor authentication services that can be used. For most employers, there's no excuse not to start using multi-factor authentication, and the amount of training can be limited.

6. The risks of a data breach are greater.  Every year, companies put more information online. This information has to be secured and protected. The more personally identifiable, confidential, and privileged information you keep, the more efficient your business likely is. However, it's also the more devastating a data breach could be. Two-factor authentication is an easy and proven way to reduce your organization's risk, thereby reducing the chances that your organization could suffer the serious financial blow of a data breach.

Many small businesses either never fully recover from a data breach or close very soon after one, both because of the financial damage and because of the loss of reputation among customers, vendors, and even employees. To prevent this, organizations can instead choose to proactively protect themselves with security measures such as multi-factor authentication.

Two-factor authentication and multi-factor authentication have been around for a long time. Decades ago, many software solutions couldn't be run unless you both had a password and installed a USB "dongle" which verified ownership. But today, multi-factor authentication is becoming a de facto standard because companies are constantly under attack.

About the author: Lori Wade is a journalist from Louisville, Kentucky and is currently engaged in growing awareness around cyber security. 

You Might Also Read: 

Making 2FA More Secure:

 

« The US Suffers Multiple Attacks By Russian Hackers
Better Cyber Security For Smart Devices »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

Digitronic Computersysteme

Digitronic Computersysteme

Digitronic focus on innovative software to protect your personal and sensitive corporate data.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

Virsec Systems

Virsec Systems

Virsec detects and remediates previously “indefensible” advanced memory-based attacks on critical applications and server endpoints.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

HARMAN International

HARMAN International

HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.