Two-Factor Authentication Matters More Than Ever

Uploaded on 2021-04-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Since 2016, cyber-attacks on SMBs have increased by 20%. The vast majority of businesses will experience a cyber attack — and most of them blame employee passwords. Whether employee passwords are being shared, are weak, or are otherwise compromised, passwords are often the weakest link. But this can be defeated through the use of two-factor authentication.

Two-factor authentication (2FA) requires two data points to log-in. Employees might need to both provide a password and an email address, or a password and a phone number, to get through. Even if someone has stolen someone's password, they can't get past two-factor authentication. 

Here are some reasons two-factor authentication remains critical today.

1. Computers are faster than ever.  It used to be that an eight-character password was pretty secure. As long as it wasn't a dictionary word, it would take a long time to "brute force." Brute forcing is when a computer program goes through every iteration of a potential password to determine what the password is. In 1982, that could take nine months. In 2020, it'll take a little more than three hours. Even a nine-character password takes a couple of months. And it's even faster if the password includes whole words. Unless you can rely upon your employees to have detailed passwords, you need to be concerned that they can be cracked.

2. Employees are logging in more frequently.  Employees are now logging in frequently on a multitude of devices. They are on their smartphones, tablets, desktops, and laptops. Every device is a potential method of intrusion. Passwords could be saved anywhere, keyloggers could be placed anywhere, and any device could potentially be lost. 

Because employees are logging into multiple devices and multiple platforms, there's also a greater tendency for them to store those passwords in text files, post-it notes, and other areas where they could easily be taken.

3. Users are increasingly using password protectors.   Password protection is a double-edged sword. On the one hand, users no longer need to remember their passwords, so they can have lengthy, detailed ones. They can even have them auto-generated. But if someone is already signed into their Google account, they can access nearly all their accounts. Unless there is a secondary security check or two-factor authentication check, users may have all their accounts breached after having a single account breached.

4. More people are working remotely.  Employers no longer have strict control over the devices their employees use. Employees will often be using a variety of devices to complete their work, and may use these devices in their personal life as well. Because of this, employers also can't ensure that people have the right security on their systems, or even that employees are locking their computers when they walk away.

Two-factor authentication makes it easier to secure any local or remote desktop gateway to privileged data, rather than the device itself. As more people work remotely, this will become increasingly important.

5. It's easier than before.  In the past, people were hesitant to use two-factor authentication because it was alien. Today, it's become such an industry standard that most people are used to it.
It sticks out not to have multi-factor authentication, and there are many platforms that already have embedded multi-factor authentication services that can be used. For most employers, there's no excuse not to start using multi-factor authentication, and the amount of training can be limited.

6. The risks of a data breach are greater.  Every year, companies put more information online. This information has to be secured and protected. The more personally identifiable, confidential, and privileged information you keep, the more efficient your business likely is. However, it's also the more devastating a data breach could be. Two-factor authentication is an easy and proven way to reduce your organization's risk, thereby reducing the chances that your organization could suffer the serious financial blow of a data breach.

Many small businesses either never fully recover from a data breach or close very soon after one, both because of the financial damage and because of the loss of reputation among customers, vendors, and even employees. To prevent this, organizations can instead choose to proactively protect themselves with security measures such as multi-factor authentication.

Two-factor authentication and multi-factor authentication have been around for a long time. Decades ago, many software solutions couldn't be run unless you both had a password and installed a USB "dongle" which verified ownership. But today, multi-factor authentication is becoming a de facto standard because companies are constantly under attack.

About the author: Lori Wade is a journalist from Louisville, Kentucky and is currently engaged in growing awareness around cyber security. 

You Might Also Read: 

Making 2FA More Secure:

 

« The US Suffers Multiple Attacks By Russian Hackers
Better Cyber Security For Smart Devices »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Aurec

Aurec

Aurec provides specialist recruitment and contracting services including ICT professionals.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Direct Recruiters Inc

Direct Recruiters Inc

Direct Recruiters is a relationship-focused search firm that assists IT Security and Cybersecurity companies with recruiting high-impact talent.

Telspace Africa

Telspace Africa

Telspace Africa provide the highest level of IT security solutions including advisory, penetration testing, vulnerability assessments, red teaming, social engineering and training.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

Alan Boswell Group

Alan Boswell Group

We are a Group of Companies providing specialist Insurance Broking and Risk Management advice and services including Cyber Risk cover.

Cyacomb

Cyacomb

Cyacomb (formerly Cyan Forensics) provides digital forensics software to help police forces find evidence on computers many times faster than before.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.

AppSOC

AppSOC

AppSOC is a leader in Application Security Posture Management (ASPM) and Code-to-Cloud Vulnerability Management.

Adaptive Security

Adaptive Security

Adaptive is a next-generation cybersecurity platform. We're working with pioneering security teams to protect critical systems from AI-powered cyber attacks.