As more and more online accounts fall victim to hacking and phishing scams today, we are given the opportunity to speak to clients about 2FA (two-factor authentication) which plays a vital role in protecting your online accounts.
What are the Benefits of 2FA?
In simple terms, two-factor authentication adds an extra layer of security to your login process. The first layer is generally a combination of a username and password, as you’re likely used to.
Adding one more step of authenticating your identity makes it harder for an attacker to access your data.
The second layer will generally send a secret code to your cell phone, something that only you have in your possession, or ask for a piece of information that only you know, that you will have to enter in order to verify that it is, in fact, you that is logging in.
A nefarious individual would now need to steal both your password and your cellphone or secret information in order to access your account.
For a more complete, detailed definition of 2FA/MFA, Wikipedia states:
Multi-factor authentication (MFA; encompassing Two-factor authentication or 2FA, along with similar terms) is an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects the user from an unknown person trying to access their data such as personal ID details or financial assets.
How Does 2FA Work?
Again, more simply put, 2FA/MFA is an extra step during the login process to verify your identity.
So, if someone has stolen your password or simply has access to it (I’m looking at you Managers with an Admin Assistant who has all of your login credentials), they can’t access the account without the code sent to your phone, your fingerprint, token, or another form of additional ID, preventing unauthorized access.
One commonly known and used form of 2FA is with a bank card. You have to have the card itself and then verify you are using it by using a PIN code.
Imagine if anyone with physical access to your card could withdraw money from your account or charge it to your account. Having a PIN code has saved account holders billions of dollars since 2FA was implemented.
Setting up Two-Factor Authentication
Enabling two-factor authentication and setting it up for each user in your organization is one of the easiest measures that can be implemented to add security to your accounts.
We recommend 2FA be in place, in particular, if you use Gmail or MS 365 (formerly Office365) for email, since those platforms are intended to be conveniently accessed via an online web browser, making them potentially accessible to rogue actors.
Also, consider for any online file storage or sharing platforms or important websites as well.
Many sites and services give you the option of using an authentication app as well, similar to the codes that change with each use of your chip embedded credit card; a provided number in the app will be different each time you log in, and the code expires usually in 30 to 60 seconds so it can’t be used again.
If everyone used 15 character complex passwords (with upper case, lower case, numbers, and symbols required) and had a different password for every login, passwords might be enough. Unfortunately, that’s not the case.
A recent report showed more than 20 million accounts still have the highly complex password of “123456”. Additionally, more than 75% of people repeat passwords at multiple sites or accounts. And to top it off, computers can now hack passwords exceedingly fast. An 8-character password that uses numbers, upper case letters, and lower case letters can be hacked in less than 30 minutes by a computer.
However, all of that being true, even if your password was "password", if the second form of ID like a text code was still needed, your account would be protected. (But, please don’t make your password "password").
When you also factor in the number of phishing attacks that successfully trick an email recipient into entering their email login credentials in order to view an email that "was sent privately or encrypted" in order to view it, or by faking the appearance of an actual known website to obtain login credentials, the risk is even greater. With those credentials, they can now log in and access your accounts!
So, should you use 2FA? The answer is a resounding YES!
Is 2FA A Hassle?
Some people feel that 2FA is a hassle; I don’t know if I would call it a hassle, but it does create an extra step that must be completed with each login. But in today’s environment of scammers and attacks, it’s a step worth taking. Many sites will permit you to add this feature and, of course, we’re here to help set it up for you as always – just ask!
At Blue Oak Technology Solutions, we enable and set up two-factor authentication on all new hosted accounts we set up by default as a matter of best practices. If you’re not presently utilizing 2FA, it’s time to get it in place and let it start working to protect you from unauthorized access.
