A lot of business continuity plans have been put to the test over the past few months. Chances are, you’ve found potential weak spots in your company’s IT environment, particularly in your software and network infrastructure. Make no mistake, cybercriminals are working overtime to take advantage of vulnerabilities wherever they find them. One common vulnerability relates to passwords and employee access to company data.
It’s estimated that the average user has up to 200 accounts that require a password, and 72% of users recycle passwords among accounts. Consider the number of accounts, both business and personal, that your employees have. It should make you pause. If you don’t think your employees reuse passwords between their personal and business accounts, think again. To protect your business data from the chaos that can come from hacked passwords, consider implementing two-factor authentication.
What is Two-Factor Authentication?
Typically, accounts ask for a username and password for access – also known as single-factor authentication. Two-factor authentication (2FA) places another requirement on access by asking for an additional piece of information. This second piece of information helps to prove that the person attempting to sign in is authorized to access the information. Common two-factor methods include biometrics, one-time passwords, verification codes, QR codes, and hardware tokens.
In other words, the second factor is commonly something only you know or something only you have. Fingerprints, codes sent via text to your phone, and Google Authenticator are all examples of methods used in two-factor authentication.
2FA for Greater Security
Two-factor authentication offers businesses an additional layer of security, requiring the person signing into an account to take an additional step. (In fact, it’s a good idea for personal accounts, as well. Your email account, for instance, can be a sort of master key for all of your other passwords.) This additional step can help protect your business data. Compromised login information would still need the second factor requirement in order to gain entry into your systems.
Something else to consider: Microsoft has changed their stance on password expiration. Policies that make users change their passwords after a certain period of time often lead to recycling of passwords. Additionally, keeping track of all these password changes can be difficult, particularly if your company doesn’t provide a password manager to securely record each employee’s logins. (More on this in a future post.) Instead, consider requiring a unique, complex password or passphrase combined with two-factor authentication.
Enabling Two-Factor Authentication
Two-factor authentication can help to make your accounts more secure, but how you enable this feature can differ depending on the account you’re securing. There are multiple ways to use two-factor authentication, including:
- SMS Verification – one-time use code sent to your phone via text message
- App-Generated Codes – an app that provides a six-digit code every 30 seconds
- Physical Authentication Keys – a physical token in the form of a USB key inserted into the USB port on your computer
- App-Based Authentication – varies from app to app, but allows you to use a registered device to grant access to your account on a new or different device
- Email Authentication – one-time use code sent to your email
- Recovery Codes – backup codes typically provided when you set up two-factor authentication, used only in the event you lose your 2FA method
What’s best? As with most things related to technology, the best format to adopt for two-factor authentication will depend on a variety of factors. Your personal accounts may or may not need this additional layer of security, depending on how much of your personal information is involved. However, your real email address, and any account linked to that, probably could benefit from 2FA. The method you use will depend upon what’s available for that account. Log into your account, navigate to your profile, and look for security options. One app, Authy, has compiled a list of guides for turning on two-factor authentication for many popular sites, software, and applications.
Two-Factor Authentication for Business
While the information contained in personal accounts is important and valuable and should be protected, businesses have much more at stake. Access to networks and internal systems can potentially expose customer and financial information, so adopting two-factor authentication is critical. For businesses, the most secure options for 2FA will be using app-generated codes or a physical authentication key. Be aware, however, that the use of two-factor authentication does not make your business invulnerable to attack. There are plenty of man-in-the-middle schemes that can intercept information, as well as old-fashioned thievery out there. Still, 2FA makes your accounts more secure than relying only on a username/password combination. Two-factor authentication makes your business (and personal accounts) less attractive to cybercriminals.
If your business needs some guidance on enabling two-factor authentication, please contact Lieberman Technologies. We can help you to assess the best methods to increase security for your systems and networks.