Authentication is how you prove your identity to access your computer, email, favourite websites and more, and for most people that means a password. For a long time, the humble password seemed to be good enough.
Then came password complexity rules, with their CAPITAL, numb3r and minimum-of-8-character requirements. Nowadays there are legitimate-looking fake sites designed to extract your password, no matter how complex it is. That is why we now need two-factor authentication.
Two-factor authentication (2FA), also known as two-step verification or multifactor authentication, is a two-step verification process used to confirm a user’s identity. It adds an extra layer of protection beyond a simple username and password login and is designed to prevent unauthorised users from accessing accounts with only a stolen password.
It works like this: after entering your password, you have to enter a second password in the form of a rotating code that is generated by an app on your smart device. This is similar to a digital token that you might have had to use for a business bank account in the past.
This means that a hacker would need to know your password and have access to your phone in order to gain access to your accounts.
Why Should I Use 2FA?
Two words: SECURITY FATIGUE
Many users are at great cyber security risk simply because they use the same password across different applications or different websites.
While this may be convenient, it leaves the user vulnerable if their passwords are compromised.
Simple actions such as downloading software or clicking links in emails can expose users to password theft.
One solution may be to use complicated and unique passwords for every account, but this would not be feasible for most of us as we would be unable to remember them.
2FA provides us with an extra level of security every time we log in.
81% of hacking-related breaches leveraged either stolen and/or weak passwords. — Verizon’s Data Breach Investigations Report 2017
There are several types of 2FA available based on either something you know, something you have or something you are. Examples include:
- SMS codes sent to your phone
- security questions set up by you, which only you would know the answers to when prompted
- a physical device, like a security token that generates temporary access codes
- software, such as an authenticator app, that sends a notification to your smartphone (or tablet) or provides a temporary access code. Once you’ve installed one, you can use the same app when setting up 2FA on any accounts which offer this option.
- fingerprint scans
- voice recognition.
Along with this, you should develop security policies under which certain events trigger an investigation, such as a change of bank account details on an invoice.
Ultimately, you can have the best security firewall, antivirus and email filtering and still have major issues, as the biggest flaws in the system are HUMAN ERROR and HUMAN COMPLACENCY.
Education and security training are highly recommended for your staff.
Call us for more info.