Today, a hacker can find a user’s password in any number of ways. They could get it from a lost or stolen computer. They could get it from another site where the user used the same password, or they could infect a computer with a virus to track and capture keystrokes.
Because username and password theft is so prevalent, many organizations have taken steps to shore up their security measures. Basic authentication using only a username and password is no longer considered secure, since credentials are easily shared with others or guessed through trial and error. Once a hacker has a username, they can run through different passwords until they finally guess correctly.
One of the steps that organizations have taken to secure their systems is to implement two-factor authentication.
Two-factor authentication (2FA) is a two-step identification process that uses two of three different categories of authentication for access. The three categories are:
- SOMETHING YOU KNOW – typically a username, password or PIN
- SOMETHING YOU POSSESS – a token, a cell phone, an ID card
- SOMETHING INSEPARABLE FROM THE USER – a fingerprint, a retinal scan
A familiar example of 2FA is an Automated Teller Machine (ATM). An ATM requires you to insert your bank card (SOMETHING YOU POSSESS) as the first factor. The second factor is the requirement to enter a PIN (SOMETHING YOU KNOW) to gain access to the account. These two factors together are more secure than either one by itself. On the other hand, most workstations (desktops and laptops) only require a username and password (SOMETHING YOU KNOW) and do not use a second factor.
SOMETHING INSEPARABLE FROM THE USER is the most difficult factor to replicate. It’s followed by SOMETHING YOU POSSESS and finally SOMETHING YOU KNOW. By using two of the three categories, you essentially increase security and decrease your risk through diversification. In the event of a security breach, users who employ 2FA are better protected, since criminals can’t access their accounts without the second factor.
There are two other benefits of 2FA. The first is that it makes working remotely safer, since it adds a layer of protection from hackers looking for gaps in your system perimeter. The second is that 2FA fulfills many compliance requirements, such as PCI, HIPAA and, if you ever need to transfer protected health information, PIPEDA.
2FA improves your defenses, but before you implement it, there are some advantages and disadvantages to consider.
Advantages:
- Improved security!
- It is an excellent deterrent – criminals are less attracted to an account protected with 2FA.
- It’s affordable.
- You can implement 2FA through a text message or smartphone app.

Disadvantages:
- You will have to have your phone/token for 2FA with you at all times.
- It’s cumbersome and people will often disable it if they have the opportunity.
Despite the slight inconvenience, 2FA is a quick and easy way to further secure your important online accounts.
If you have questions about two-factor authentication or any other questions regarding the security of your technology, please give us a call at 501.801.86700 or send an email to firstname.lastname@example.org.