Two-Factor Authentication Matters More Than Ever

Since 2016, cyber-attacks on SMBs have increased by 20%. The vast majority of businesses will experience a cyber attack — and most of them blame employee passwords. Whether employee passwords are being shared, are weak, or are otherwise compromised, passwords are often the weakest link. But this can be defeated through the use of two-factor authentication.

Two-factor authentication (2FA) requires two data points to log-in. Employees might need to both provide a password and an email address, or a password and a phone number, to get through. Even if someone has stolen someone's password, they can't get past two-factor authentication. 

Here are some reasons two-factor authentication remains critical today.

1. Computers are faster than ever.  It used to be that an eight-character password was pretty secure. As long as it wasn't a dictionary word, it would take a long time to "brute force." Brute forcing is when a computer program goes through every iteration of a potential password to determine what the password is. In 1982, that could take nine months. In 2020, it'll take a little more than three hours. Even a nine-character password takes a couple of months. And it's even faster if the password includes whole words. Unless you can rely upon your employees to have detailed passwords, you need to be concerned that they can be cracked.

2. Employees are logging in more frequently.  Employees are now logging in frequently on a multitude of devices. They are on their smartphones, tablets, desktops, and laptops. Every device is a potential method of intrusion. Passwords could be saved anywhere, keyloggers could be placed anywhere, and any device could potentially be lost. 

Because employees are logging into multiple devices and multiple platforms, there's also a greater tendency for them to store those passwords in text files, post-it notes, and other areas where they could easily be taken.

3. Users are increasingly using password protectors.   Password protection is a double-edged sword. On the one hand, users no longer need to remember their passwords, so they can have lengthy, detailed ones. They can even have them auto-generated. But if someone is already signed into their Google account, they can access nearly all their accounts. Unless there is a secondary security check or two-factor authentication check, users may have all their accounts breached after having a single account breached.

4. More people are working remotely.  Employers no longer have strict control over the devices their employees use. Employees will often be using a variety of devices to complete their work, and may use these devices in their personal life as well. Because of this, employers also can't ensure that people have the right security on their systems, or even that employees are locking their computers when they walk away.

Two-factor authentication makes it easier to secure any local or remote desktop gateway to privileged data, rather than the device itself. As more people work remotely, this will become increasingly important.

5. It's easier than before.  In the past, people were hesitant to use two-factor authentication because it was alien. Today, it's become such an industry standard that most people are used to it.
It sticks out not to have multi-factor authentication, and there are many platforms that already have embedded multi-factor authentication services that can be used. For most employers, there's no excuse not to start using multi-factor authentication, and the amount of training can be limited.

6. The risks of a data breach are greater.  Every year, companies put more information online. This information has to be secured and protected. The more personally identifiable, confidential, and privileged information you keep, the more efficient your business likely is. However, it's also the more devastating a data breach could be. Two-factor authentication is an easy and proven way to reduce your organization's risk, thereby reducing the chances that your organization could suffer the serious financial blow of a data breach.

Many small businesses either never fully recover from a data breach or close very soon after one, both because of the financial damage and because of the loss of reputation among customers, vendors, and even employees. To prevent this, organizations can instead choose to proactively protect themselves with security measures such as multi-factor authentication.

Two-factor authentication and multi-factor authentication have been around for a long time. Decades ago, many software solutions couldn't be run unless you both had a password and installed a USB "dongle" which verified ownership. But today, multi-factor authentication is becoming a de facto standard because companies are constantly under attack.

About the author: Lori Wade is a journalist from Louisville, Kentucky and is currently engaged in growing awareness around cyber security. 

You Might Also Read: 

Making 2FA More Secure:

 

« The US Suffers Multiple Attacks By Russian Hackers
Better Cyber Security For Smart Devices »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Mimecast

Mimecast

Mimecast delivers cloud-based email management for Microsoft Exchange and Microsoft Office 365 including archiving, continuity and security.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

Montimage

Montimage

Montimage develops tools for testing and monitoring networks, applications and services; in particular, for the verification of functional, performance (QoS/QoE) and security aspects.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

ChaosSearch

ChaosSearch

ChaosSearch is a massively scalable ELK-compatible log analysis platform delivered as a fully managed service with high-performance and low cost.

riskmethods

riskmethods

riskmethods helps you proactively identify, assess and mitigate supply chain risk. You need to master supply chain risk management—we can help.

BreachBits

BreachBits

BreachBits are on a mission to deliver world-class cyber risk insights continuously at scale in situations where knowing the true risk truly matters.

CYNC Secure

CYNC Secure

CYNC boosts cybersecurity remediation by consolidating fragmented data and optimizing operational processes.