Two-Factor Authentication: A Straightforward Security Enhancement Every Business Should Use

by | Dec 23, 2020

Here at Advisory Solutions, we’re passionate about IT security. We want every business to take commonsense steps to enhance their security, whether they are clients of ours or not. One security enhancement that every small business should make immediately is enabling two-factor authentication where possible.

Doing so is one of the simplest ways imaginable to reduce the likelihood of a data breach through a phishing attack. And phishing remains a massive threat to today’s businesses: Verizon reports that at least 22% of 2019’s data breaches involved some form of phishing.

What is two-factor authentication, and why is it so important? We’ll answer these questions and more below.

What Is Two-Factor Authentication?

Two-factor authentication, often abbreviated 2FA, is the term for enabling some second layer of identity establishment when accessing a digital account or device. 2FA is a security mechanism that requires users to provide two different types of information. By implementing 2FA, businesses make it much harder for someone to gain inappropriate or unauthorized access to a system.

The most recognizable form of 2-factor authentication works like this. A user navigates to a website and provides a username and password. Without 2FA, that’s all it takes to log in. But with 2FA, there’s another step. Upon receiving a correct username and password combination, a site equipped with 2FA will send a temporary numeric code to the user, usually via text message. The user simply enters this code and gains access to the site, device, or service.

There are many other forms of 2-factor authentication, from fingerprint readers to physical keyfobs with randomly generated passcodes to app-based solutions. The concept can also extend beyond just two forms of authentication. Multifactor authentication can work with whatever number of factors you choose to set up.

While the term 2FA is a relatively recent one, the concept goes back much further. It’s the same principle as a high-end bank might use, where in addition to a passport or other government ID, a patron establishes identity by another means (perhaps a fingerprint or a spoken or typed passcode).

We’ve all seen this sort of thing in movies, and it isn’t completely foolproof. But it’s far safer than allowing access based on an ID alone. The same principle is true with your digital accounts: 2FA isn’t impenetrable, but it adds an additional hurdle to gaining account access, one that’s enough to stop many would-be attackers.

Why Is It Important to Enable 2 Factor Authentication?

Enabling 2-factor authentication is important because of just how easy it is to gain access to single-factor accounts. First, people generally use terrible password hygiene. They reuse the same password on Facebook and Target, and maybe even at their bank. If the password is compromised anywhere, it’s only a matter of time before someone tries that compromised password somewhere else.

Second, millions of compromised username/password combinations are available on the web. “Hacking passwords” rarely works like it does on TV. Usually, bad actors simply buy these lists and then just start trying them places until they get in. These are crimes of opportunity, not the targeted heists you see on TV.

So, how does 2-factor authentication help? To successfully log in via 2-factor authentication, a person needs two things:

  • A correct username and password combination

  • Access to the device or account where the temporary code is sent

Neither of these is particularly hard to get if you’re the legitimate account holder. But the second one tends to be very challenging for the bad guys: stealing a specific person’s phone at just the right time is hard to do with any consistency.

What Are the Risks of Not Using 2 Factor Authentication?

In business, the risks of not using 2FA are many. If a bad actor gains access to an employee’s email account, for example, you’re now exposed to much more targeted spear-phishing attacks. Most corporate email credentials also grant access to workstations and network resources, further deepening the risk.

Wrapping Up

We recommend enabling 2-factor authentication on any system or service that offers it within your business. It’s easy to do and can drastically increase your IT security and lower your risk of a breach.

For more complex 2FA or multifactor applications, such as business-wide 2FA, Advisory Solutions NYC is here to help. You’ll need a trusted IT partner to implement this well. Reach out today if you’re ready to get started!