Answers to the most common questions about two-factor authentication.
A password alone isn’t enough to protect your accounts. In fact, a recent study published by Microsoft states that two-factor and multi-factor authentication can block over 99.9% of attacks.
At Core Vision IT Solutions we tend to get a lot of questions about how to defend against cybercrime. As two-factor authentication is ALWAYS one of our go-to solutions to protect clients, we want to address some of the most common questions we get asked about what it is and how it helps. Additionally, we want to provide recommendations on some of the best tools to use if you’d like to implement a two-factor authentication solution for your company.
Many of our clients come to us because they are concerned about whether their employees are following best practices and keeping their accounts safe. In some cases, they had already been hacked once or twice before, leaving their sensitive data in the wrong hands and opening themselves up to ransomware, fraud and other threats.
In a digital age when we’re all storing, handling, and accessing sensitive information via the internet, cyber attacks and data breaches are becoming more common than ever before. Cybercriminals use a range of methods to steal sensitive information and gain access to user accounts, often before the victim even recognizes they’ve been compromised. Let’s get started with information on how two-factor authentication can keep your company safe.
What Is Two-Factor Authentication?
Two-factor authentication is a process designed to add an additional layer of security to your online accounts. Essentially, your password is supplemented with an additional piece of evidence or proof of identification, such as a PIN or code sent to your mobile device, authorization through a third party application, or in some cases, a biometric form of access such as a fingerprint.
How Does Two-Factor Authentication Work?
Users will input their usual password, and if correct, they will be asked for a second form of identity verification. This will likely include a random security code generated by an application, a biometric form of access, or a physical key. The second factor will be something the user has physical access to via their mobile device or personal biometric, which makes it more difficult for hackers to spoof compared to a lone password.
Why Do I Need Two-Factor Authentication? Aren’t Complex Passwords Enough?
The short answer is NO.
With today’s technology in use by hackers and other bad actors, normal passwords only take a few minutes to break. And while more complex passwords can help slow them down for a couple of extra minutes, they don’t do much to stop the automated programs that can run thousands of password combinations against your logins every minute. Here’s a great blog article from Microsoft that goes into detail on the various methods being used today — and how almost all are thwarted by two-factor authentication.
How Safe Is Two-Factor Authentication?
When it comes to technology, nothing is completely secure. Although two-factor authentication decreases the level of risk by over 99%, it can still be circumvented by advanced attacks. However, the chances of this occurring are minimal, as most attackers and hackers are looking for easy targets, not those with two-factor already in place.
When Do I Need To Use Two-Factor Authentication?
Most cloud applications and platforms that handle sensitive information offer two-factor authentication, with many of them now requiring it to be enabled. These include:
- Online banking and financial sites
- Social media sites like Twitter and Facebook
- Cloud services from Google, Microsoft and Apple
- Various other services
For most of these services, it’s as simple as turning the option on and setting up your mobile phone for authentication. Typically, it’s provided free of charge and is easy to activate.
One of the most important services to protect is your business email, especially for Microsoft 365 and G Suite. These are the two top targets for hackers, who use access to them to impersonate you and your users, causing immense financial and reputational damage. For more specific information on protecting these accounts, here’s a great article we published earlier this year outlining the threats and the best ways to protect your business.
What Are My Options For Two-Factor Authentication Besides Text Messages?
While two-factor authentication using SMS text messages is convenient, it’s not as secure as the use of authentication apps. Hackers have figured out how to redirect text messages from your phone without you knowing about it, which gives them access to two-factor requests.
The good news is that there are several third party options that can be used to protect your applications and data. These range from basic free applications to more feature-rich paid versions, such as:
- Authy: Available for free as an application download for mobile devices and desktops, supporting various operating systems.
- Yubico: A paid service with security keys in various forms: USB, nano, and Lightning keychains.
- Duo: Available via a range of plans starting with a free basic plan up to an advanced $9 per user, per month plan.
What About Two-Factor Authentication For Access To My Business Network?
In addition to protecting cloud-hosted applications and services, you’ll also want to make sure that any remote access to your business network and systems is equally secured. This is especially important in today’s world with a greatly expanded remote workforce.
At a minimum, this means implementing secure VPN access for each remote user, as this will keep the data encrypted between the remote computer and your network. The user will log in to the VPN client using a password, then they’ll be connected to your network. If that password gets compromised, hackers have access to your important files and accounts.
Therefore, just like cloud hosted apps, your systems should also be protected with two-factor authentication. Again, there are a variety of solutions available to you depending on your current security systems like firewalls and endpoint protection. We recommend speaking with your IT provider to select the right two-factor authentication product and/or service for your network.
At Core Vision, we recommend and use Fortinet’s two-factor authentication solution, and integrate it into our overall security solution for clients. It comes with the choice of electronic soft-tokens or physical keys and integrates flawlessly with other security policies.
Need More Information On Two-Factor Authentication Or Business Security?
The security threats to your business continue to get worse every year, and so, the best approach and solutions are constantly changing in order to keep up. If you’re feeling overwhelmed with the next steps, or not sure that your business is being protected, contact us for more information and a non-biased discussion on what you should consider. Core Vision IT Solutions works with small and mid-sized businesses throughout the Milwaukee and Chicago areas each year, protecting their systems and keeping users safe.