Two-Factor Authentication Matters More Than Ever

Uploaded on 2021-04-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Since 2016, cyber-attacks on SMBs have increased by 20%. The vast majority of businesses will experience a cyber attack — and most of them blame employee passwords. Whether employee passwords are being shared, are weak, or are otherwise compromised, passwords are often the weakest link. But this can be defeated through the use of two-factor authentication.

Two-factor authentication (2FA) requires two data points to log-in. Employees might need to both provide a password and an email address, or a password and a phone number, to get through. Even if someone has stolen someone's password, they can't get past two-factor authentication. 

Here are some reasons two-factor authentication remains critical today.

1. Computers are faster than ever.  It used to be that an eight-character password was pretty secure. As long as it wasn't a dictionary word, it would take a long time to "brute force." Brute forcing is when a computer program goes through every iteration of a potential password to determine what the password is. In 1982, that could take nine months. In 2020, it'll take a little more than three hours. Even a nine-character password takes a couple of months. And it's even faster if the password includes whole words. Unless you can rely upon your employees to have detailed passwords, you need to be concerned that they can be cracked.

2. Employees are logging in more frequently.  Employees are now logging in frequently on a multitude of devices. They are on their smartphones, tablets, desktops, and laptops. Every device is a potential method of intrusion. Passwords could be saved anywhere, keyloggers could be placed anywhere, and any device could potentially be lost. 

Because employees are logging into multiple devices and multiple platforms, there's also a greater tendency for them to store those passwords in text files, post-it notes, and other areas where they could easily be taken.

3. Users are increasingly using password protectors.   Password protection is a double-edged sword. On the one hand, users no longer need to remember their passwords, so they can have lengthy, detailed ones. They can even have them auto-generated. But if someone is already signed into their Google account, they can access nearly all their accounts. Unless there is a secondary security check or two-factor authentication check, users may have all their accounts breached after having a single account breached.

4. More people are working remotely.  Employers no longer have strict control over the devices their employees use. Employees will often be using a variety of devices to complete their work, and may use these devices in their personal life as well. Because of this, employers also can't ensure that people have the right security on their systems, or even that employees are locking their computers when they walk away.

Two-factor authentication makes it easier to secure any local or remote desktop gateway to privileged data, rather than the device itself. As more people work remotely, this will become increasingly important.

5. It's easier than before.  In the past, people were hesitant to use two-factor authentication because it was alien. Today, it's become such an industry standard that most people are used to it.
It sticks out not to have multi-factor authentication, and there are many platforms that already have embedded multi-factor authentication services that can be used. For most employers, there's no excuse not to start using multi-factor authentication, and the amount of training can be limited.

6. The risks of a data breach are greater.  Every year, companies put more information online. This information has to be secured and protected. The more personally identifiable, confidential, and privileged information you keep, the more efficient your business likely is. However, it's also the more devastating a data breach could be. Two-factor authentication is an easy and proven way to reduce your organization's risk, thereby reducing the chances that your organization could suffer the serious financial blow of a data breach.

Many small businesses either never fully recover from a data breach or close very soon after one, both because of the financial damage and because of the loss of reputation among customers, vendors, and even employees. To prevent this, organizations can instead choose to proactively protect themselves with security measures such as multi-factor authentication.

Two-factor authentication and multi-factor authentication have been around for a long time. Decades ago, many software solutions couldn't be run unless you both had a password and installed a USB "dongle" which verified ownership. But today, multi-factor authentication is becoming a de facto standard because companies are constantly under attack.

About the author: Lori Wade is a journalist from Louisville, Kentucky and is currently engaged in growing awareness around cyber security. 

You Might Also Read: 

Making 2FA More Secure:

 

« The US Suffers Multiple Attacks By Russian Hackers
Better Cyber Security For Smart Devices »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Protective Intelligence

Protective Intelligence

Protective Intelligence brings together a group of information security specialists with a passion for delivering high-quality solutions.

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

Techfusion

Techfusion

Techfusion is a cyber security research and consulting firm focusing on digital forensics and data recovery.

HunCERT

HunCERT

HunCERT's mission is to assist Hungarian Internet Service Providers in applying appropriate procedures to address the risks of computer network incidents and to respond to such incidents.

Logit.io

Logit.io

Logit.io is a log analysis & management platform that provides a scalable solution for hosting the open-source tools Elasticsearch, Logstash, and Kibana.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

Backblaze

Backblaze

The Backblaze Storage Cloud provides a foundation for businesses, developers, IT professionals, and individuals to build applications, host content, manage media, back up and archive data, and more.

Adaptiva

Adaptiva

Adaptiva, the autonomous endpoint management company, delivers the fastest way to patch and manage endpoints at scale.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.