Two-Factor Authentication Matters More Than Ever

Uploaded on 2021-04-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Since 2016, cyber-attacks on SMBs have increased by 20%. The vast majority of businesses will experience a cyber attack — and most of them blame employee passwords. Whether employee passwords are being shared, are weak, or are otherwise compromised, passwords are often the weakest link. But this can be defeated through the use of two-factor authentication.

Two-factor authentication (2FA) requires two data points to log-in. Employees might need to both provide a password and an email address, or a password and a phone number, to get through. Even if someone has stolen someone's password, they can't get past two-factor authentication. 

Here are some reasons two-factor authentication remains critical today.

1. Computers are faster than ever.  It used to be that an eight-character password was pretty secure. As long as it wasn't a dictionary word, it would take a long time to "brute force." Brute forcing is when a computer program goes through every iteration of a potential password to determine what the password is. In 1982, that could take nine months. In 2020, it'll take a little more than three hours. Even a nine-character password takes a couple of months. And it's even faster if the password includes whole words. Unless you can rely upon your employees to have detailed passwords, you need to be concerned that they can be cracked.

2. Employees are logging in more frequently.  Employees are now logging in frequently on a multitude of devices. They are on their smartphones, tablets, desktops, and laptops. Every device is a potential method of intrusion. Passwords could be saved anywhere, keyloggers could be placed anywhere, and any device could potentially be lost. 

Because employees are logging into multiple devices and multiple platforms, there's also a greater tendency for them to store those passwords in text files, post-it notes, and other areas where they could easily be taken.

3. Users are increasingly using password protectors.   Password protection is a double-edged sword. On the one hand, users no longer need to remember their passwords, so they can have lengthy, detailed ones. They can even have them auto-generated. But if someone is already signed into their Google account, they can access nearly all their accounts. Unless there is a secondary security check or two-factor authentication check, users may have all their accounts breached after having a single account breached.

4. More people are working remotely.  Employers no longer have strict control over the devices their employees use. Employees will often be using a variety of devices to complete their work, and may use these devices in their personal life as well. Because of this, employers also can't ensure that people have the right security on their systems, or even that employees are locking their computers when they walk away.

Two-factor authentication makes it easier to secure any local or remote desktop gateway to privileged data, rather than the device itself. As more people work remotely, this will become increasingly important.

5. It's easier than before.  In the past, people were hesitant to use two-factor authentication because it was alien. Today, it's become such an industry standard that most people are used to it.
It sticks out not to have multi-factor authentication, and there are many platforms that already have embedded multi-factor authentication services that can be used. For most employers, there's no excuse not to start using multi-factor authentication, and the amount of training can be limited.

6. The risks of a data breach are greater.  Every year, companies put more information online. This information has to be secured and protected. The more personally identifiable, confidential, and privileged information you keep, the more efficient your business likely is. However, it's also the more devastating a data breach could be. Two-factor authentication is an easy and proven way to reduce your organization's risk, thereby reducing the chances that your organization could suffer the serious financial blow of a data breach.

Many small businesses either never fully recover from a data breach or close very soon after one, both because of the financial damage and because of the loss of reputation among customers, vendors, and even employees. To prevent this, organizations can instead choose to proactively protect themselves with security measures such as multi-factor authentication.

Two-factor authentication and multi-factor authentication have been around for a long time. Decades ago, many software solutions couldn't be run unless you both had a password and installed a USB "dongle" which verified ownership. But today, multi-factor authentication is becoming a de facto standard because companies are constantly under attack.

About the author: Lori Wade is a journalist from Louisville, Kentucky and is currently engaged in growing awareness around cyber security. 

You Might Also Read: 

Making 2FA More Secure:

 

« The US Suffers Multiple Attacks By Russian Hackers
Better Cyber Security For Smart Devices »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Efecte

Efecte

Efecte is a Nordic SaaS company specialized in IT Service Management, Self-Service, Identity Management and Access Governance solutions.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Unified Solutions

Unified Solutions

Unified Solutions provide a full continuum of cyber security services, compliance, and technology solutions.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.