What is two-factor authentication?
Two-factor authentication, two-step verification or dual-factor authentication is a system by which users logging into an app or computer system are required to enter two forms of identifying material – normally a password and a PIN which is sent to their phone.
How does two-factor authentication work?
Two-factor authentication works by adding an extra layer of security to your business networks.
Username and password combinations are too easy for hackers to acquire and use to gain access to your data, whereas adding an extra identification process – and one which is not reliant on the knowledge of the user – can make the login extremely difficult to predict and therefore hack.
Even if the hacker has managed to acquire the username/password combination, a biometric identifier or automatically generated number or code is still required to gain access.
Types of two-factor authentication products
There are various methods that can be used for two-factor authentication, and the choice of combination is left up to the organisation. These fall into five categories:
- A knowledge factor – something the user knows such as a password, PIN or security question.
- A possession factor – something the user owns like a mobile phone, app or authentication key.
- An inherence factor – something biometric like a fingerprint, face or voice recognition.
- A location factor – a location from which the login attempt is being made either using IP addresses or Global Positioning System (GPS).
- A time factor – restrictions within certain time windows.
The most commonly used authentication methods fall within the first three categories and are:
- Passwords – these are the most traditional and should be at least eight characters long and be a combination of upper- and lower-case letters, numbers and special characters.
- One-time use code – A code is sent via SMS or email which is used only once. This is not the most secure login method as attackers can exploit weaknesses in mobile networks and email accounts to intercept the code.
- App generated codes – codes can be generated by an app on a mobile phone, with the most common being Google Authenticator. The app is set up by scanning a QR code which contains a ‘key’. As the key is stored on the phone itself this is less likely to be intercepted by a third party.
- Physical authentication keys – This is a USB device which the user will need to insert every time they try to log in from a new computer. As long as these are kept safe they can’t be intercepted and remain a reliable login. The downside is they won’t work on all devices without adapters (such as iPhone, MacBook or Android).
- Biometrics – Some devices enable users to log in via a fingerprint, voice or an eye scan. These are extremely difficult to hack but if they are, they cannot be used ever again as you are unable to change your fingerprints or eyes.
- Information – this could be something that only the user would know – either a password or a piece of information. Unfortunately, with the growth of social media, traditional security questions can be easy to crack (e.g. mother’s maiden name or street you grew up on).
All of these methods (other than physical authentication keys) are free or inexpensive to set up and don’t require the users to carry anything with them other than their mobile phone. This, therefore, limits the inconvenience of two-factor authentication as well as the possibility for user error.
What does two-factor authentication prevent?
Whilst some of these methods of logging in are more secure than others, the introduction of two-factor authentication makes it more difficult for cybercriminals to intercept and gain access to protected systems. Once access has been gained this can lead to data theft, data loss or identity theft, which can cost the organisation in time lost as well as financially and reputationally.
But with two-factor authentication, even if hackers are able to gain access to passwords via phishing or malware, they will still be unable to gain access without the second form of identification.
Why use two-factor authentication?
As hackers and scammers get craftier, more ruthless and more successful, it is essential that two-factor authentication is introduced for every app used in your organisation on PC or mobile.
Although no system is 100% hacker-proof, two-factor authentication makes it much harder for cybercriminals to gain access to your network as they need more than a password – they need access to a phone, email account, physical authentication key or a fingerprint.
The key reasons for implementing 2FA today are:
- Data is more secure.
- Secure data increases business reputation.
- Increased productivity as employees feel safe to access data on and off-site.
- Save money on helpdesk password-related calls.
How to set up two-factor authentication
The majority of apps which require a unique user login have the option to choose two-factor authentication, which is implemented simply by switching it on and choosing the form of authentication required.
However, if you are not sure how to do this effectively for your business or if you would like to see how two-factor authentication can improve the security of your business network, or would like to find out more about our cyber security services, speak with a member of the CIS team today.