What is Two-Factor Authentication? Is it worth the effort for SMBs?
Passwords keep your online accounts safe, but countless studies have proven that they’re usually not all that secure. Hackers use a wide array of specialized software or programs to crack them, as well as phishing attacks, which are relatively low-tech scams that trick users into entering their username and password into a fraudulent website.
Creating complex passwords and changing them regularly are good cybersecurity practices, but relying only on passwords isn’t enough to protect your online accounts. Moreover, security questions reset a password when answered correctly are especially risky since that information can usually be found with some Google or social media research. What you need is something called Two-Factor Authentication (TFA). It’s quick, easy, and secure.
What is Two-Factor Authentication?
Two-factor authentication (TFA), also called two-step verification or multi-factor authentication, is a security measure that requires a user to verify his or her identity with two or more of these components:
- Something the user knows – a password or an answer to a security question
- Something the user owns – a device such as a mobile phone or a USB security key
- Something the user is – a person’s voice, fingerprint, or face
For instance, if you log in to your Google account from a browser or device that you have never used before, you may be asked to enter a password and a six-digit security code that will be sent as an SMS to your mobile number. This approach combines something you know (your password) and something you own (your phone) to protect your account.
Without TFA, a password is all it takes to snoop on your email inbox, social network profile, online banking account, or any other web-based accounts, and hackers can crack more passwords in less than 160 seconds.
However, TFA is not restricted to sending a code to a mobile number. Take Apple’s iCloud, for example. Whenever you log in to iCloud from a new device, its “Trusted Devices” setting verifies your identity by sending a four-digit code to your other Apple devices — which could be an iPad or a Macbook.
More authentication means more security
Some organizations are exploring even more stringent logins. These include authenticator apps like Google Authenticator, which generate secure codes without sending them via WiFi or cellular networks, greatly reducing the possibility of a code being intercepted.
Other companies integrate biometric-based authentication into their systems, which involves facial or fingerprint-scanning to confirm a user’s identity. Similarly, behavioral biometrics can verify users based on how they type, use their mouse, or other behavior-based patterns.
Is TFA Worth the Effort for SMBs?
In 2016, Uber suffered a data breach that affected 57 million driver and customer records. Hackers obtained a password to Uber’s backup storage via “brute force attacks” (which use computers to make thousands of guesses per second). The company discovered the breach after the hackers sent a $100,000 ransom note one month later. According to reports, the breach would have been prevented, or at the very least discovered a lot sooner, had the company enabled TFA.
Thousands of cybersecurity incidents could have been prevented simply by setting up a TFA system and letting it run its course. Options offered by billion-dollar companies like Apple, Microsoft, and Google are so simple, anyone can use them to avoid a massive breach that could prove disastrous to millions of customers.
But despite having the option to enable TFA, many have not done so. That extra step to verify your identity may take a couple more minutes, but it’s a small price to pay for securing your data and identity. In case someone attempts to hack into your account, you’ll be notified immediately and the hacker would have to bypass your phone’s security in more than one way to succeed.
Dyrand’s Managed IT Services team in Vancouver can help you stay on top of cybersecurity trends. If you want to bolster your company’s defenses by integrating TFA into your systems or explore other cybersecurity options, get in touch with our team today.