What is two-factor authentication?
To understand two-factor authentication, you first need to know what single-factor authentication is. Single-factor authentication is the common login where you enter your username and one password. In this single-factor model, anyone who can obtain your username and password can get access to your account.
Two-factor authentication, or 2FA for short, adds an extra layer of security before someone can access an account. 2FA requires the user to have two out of three types of login credentials before granting access. The three types of credentials are (1) something you have, (2) something you know and (3) something you are.
- Something that you have could be a bank card, key fob or security tokens – anything tangible.
- Something you know includes personal identification numbers (PIN), passwords or security questions like “What was the name of your first pet?”
- Something that you are could be voice recognition, fingerprints or retina scans.
- Other forms of 2FA include receiving an SMS message with a code you have to enter, or a phone call to verify you are who you say you are.
Does two-factor authentication protect me?
Two-factor authentication adds an extra layer of security to your accounts and, although it is not hacker-proof, it is more secure than single-factor authentication. With two-factor authentication, hackers must obtain more information than they did previously, and that thwarts a certain subset of the hacking community. Just by adding an extra step, you can eliminate a subset of threats.
Most organizations believe that personal passwords are enough security. In reality, insecure passwords are a huge problem in most organizations. If even a few employees use ‘password’, ‘12345’, or another basic password as their login credentials, it opens the door for third-party hackers to guess login information and access your systems. Two-factor authentication improves the level of security by asking for something only the account owner should be able to provide, making it harder for hackers to guess or get their hands on.
One issue that arises with two-factor authentication is account recovery. Most sites offer a “Forgot password” option where a password reset URL will be emailed to you. If a hacker has access to your email, they will be able to gain access to the account recovery feature of your most recent login. These account recovery options allow the person signing in, real or fake, to bypass the 2FA requirement.
Who uses two-factor authentication?
Two-factor authentication has been around for many years but is becoming more prevalent with the digital age in which we live. Major companies like Google, Twitter, Facebook, Apple, Microsoft, Yahoo and many more are already using a 2FA process for logging in.
How to implement two-factor authentication?
First, you will want to understand that there is a cost associated with implementing additional security with two-factor authentication: setup fees, additional time and increased system complexity. Knowing that, you’ll need to decide whether or not your company truly needs 2FA. The highest benefit will come to companies that store sensitive and secure information or have business-critical functions that would benefit from an additional layer of security.
Once you’ve decided two-factor authentication is right for you, you will need to choose the authentication type that fits your business. Will it be something that you have or something that you know or something that you are? Not every option is viable for all companies. In fact, most times, there is a clear authentication option that works for a business model.