When is the last time you saw a jewelry shop protect their diamonds with a simple lock and key? Even before extra layers of security like alarms, motion detectors, and biometrics were invented, jewelers hid their diamonds and even put out fakes to deter criminals.
In your company, data is as valuable as those diamonds — so why are you protecting it with a simple username and password?
Passwords are the keys that access your company's data, but like the traditional lock and key, any mediocre cybercriminal can easily decipher your password. In fact, it's now possible for your mother to easily hack your Facebook account.
Technology enables hackers to test billions of password combinations per second, exposing 90% of all passwords. Facebook realized this when they discovered 600,000 imposters were attempting to access users' personal information every day using stolen passwords.
Companies like LinkedIn, Google and Twitter decided that they needed extra layers of security to strengthen passwords and protect their users' data. The solution: two-factor authentication (2FA).
Two-Factor Authentication Adds the Extra Security You Need
If you have logged into Facebook, Twitter, or Google within the past few years, you have come across two-factor authentication.
Two-factor authentication (2FA), a form of multifactor authentication (MFA), is a method used to verify a user's identity when they are trying to access an application. In addition to a password, 2FA requires you to provide a second piece of information to confirm your identity.
The first step is to sign into your account with a username and a password. This is the first factor of the two-step process.
Unlike the ineffective security questions such as your mom's maiden name or your school's mascot, the second piece of information used in 2FA is extremely hard for cybercriminals to acquire. The idea is to create a second factor that is unique to the user, which is often something they possess, like a smartphone, or even something biological, like a fingerprint.
After you enter your credentials in step one, you will be prompted for the second factor. Several kinds of information can serve as that factor, which we'll cover below. In this case, the user has chosen SMS verification.
Hacking a password is extremely easy, but obtaining a physical device that generates the second code or stealing biological features is not as easy, which is why 2FA is one of the most effective security approaches available.
2FA Approaches to Give Your Employees Convenient Options
If you are considering 2FA for your business, there are several approaches to the second factor based on one-time passwords (OTPs) that don't require the technical sophistication of biometrics (fingerprints, retina scans).
Your OTP options include:
- SMS (Text Messages): SMS is the most popular method of 2FA. After a successful login, the user receives a 5-10 digit code via SMS on their phone, which they then enter into the application for access.
  - Pros: Employees are comfortable receiving text messages and it is cost-effective to implement.
  - Cons: Relies on cell reception and a physical phone. If the phone is stolen, you can't authenticate.
- Email: An OTP can be sent to a secondary email account for verification. This technique works in the same way as SMS, where a 5-10 digit code is sent to the email address.
  - Pros: Employees can get emails on multiple devices, it's cost-effective and everyone uses email.
  - Cons: Emails sometimes fail to deliver, and hackers who gain access to your email account can read the code.
- Voice Call: Although not a common practice, users can choose to receive a call to a designated phone number with the OTP delivered using a text-to-speech service.
  - Pros: All employees are comfortable with phone calls, and voice doesn't require a data connection.
  - Cons: Calls can be intercepted or forwarded, and voicemail can be hacked. If the phone is stolen, you can't authenticate.
- Hardware Tokens: This is a common enterprise practice, where employees are given a physical device, such as a key fob, that dynamically generates a code for the user.
  - Pros: It is a standalone solution that doesn't require cell reception or a WiFi connection.
  - Cons: The devices are expensive and hard to manage, and they are easily misplaced or lost.
- Software Tokens: Instead of carrying around a device, software tokens require employees to install an application that runs on their computer or mobile device.
  - Pros: Apps are easy to use, easy to update and easy to patch when needed.
  - Cons: Employees must install the app on their personal device. Apps can be compromised without the user's knowledge.
- Push Notification: Apps like Auth0 Guardian enable you to receive a push notification in the same way you get alerts from your calendar app or news activity. The notification asks for a response of either "Yes" or "No."
  - Pros: There is a direct and secure channel between the authentication service and the smartphone application.
  - Cons: If a device is stolen, users must go online to revoke the device before it is compromised.
Although there are pros and cons to every 2FA option, keep in mind that it is impossible to get your enterprise authentication 100% secure. Implementing 2FA increases your security no matter what, so select a second factor that works best for your employees.
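To make the two-step flow and the software-token option above concrete, here is an added example (not code from the article or from Auth0) of what the server side looks like: a standard RFC 6238 TOTP generator with the parameters common authenticator apps use (30-second steps, 6-digit codes, HMAC-SHA1), a verifier that tolerates one step of clock drift but refuses to accept a code twice, and a login function that checks the password before it ever looks at the second factor. The account record, the `login` outcome strings and the demo user are constructed for illustration; the test vectors are the published RFC 4226/6238 ones.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# Parameters used by common authenticator apps: 30-second steps, 6-digit codes.
TIME_STEP = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, followed by
    dynamic truncation to a fixed-width decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)


def provisioning_secret(secret: bytes) -> str:
    """Base32 form of the shared secret, the value an authenticator app is
    given at enrollment (usually embedded in a QR code)."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


class SoftwareTokenVerifier:
    """Server-side state for one enrolled software token (constructed example).

    Holds the shared secret and the last accepted time-step, so a code that was
    observed and re-entered cannot be accepted a second time inside the window."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window       # steps of clock drift tolerated each way
        self.last_step = -1        # highest time-step already consumed

    def verify(self, code: str, now: int) -> bool:
        # Reject anything that is not a 6-digit ASCII string before comparing.
        if not (code.isascii() and code.isdigit() and len(code) == DIGITS):
            return False
        current = now // TIME_STEP
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_step:
                continue           # already used, or older than one already used
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_step = step
                return True
        return False


def hash_password(password: str, salt: bytes) -> bytes:
    """First factor: salted PBKDF2 hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


class Account:
    """A user record with both factors (constructed example)."""

    def __init__(self, username: str, password: str, totp_secret: bytes = b""):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.token = SoftwareTokenVerifier(totp_secret or secrets.token_bytes(20))


def login(account: Account, password: str, code: str, now: int) -> str:
    """The two-step flow: the password is checked first, and only then the
    one-time code. Returns a short outcome string (constructed for the demo)."""
    if not hmac.compare_digest(hash_password(password, account.salt), account.pw_hash):
        return "denied: password"
    if not account.token.verify(code, now):
        return "denied: second factor"
    return "ok"


if __name__ == "__main__":
    # Constructed walk-through: enroll, show the secret the app would receive,
    # log in with the current code, then see the same code refused on reuse.
    alice = Account("alice", "correct horse battery staple")
    print("secret for the authenticator app:", provisioning_secret(alice.token.secret))
    now = int(time.time())
    code = totp(alice.token.secret, now)        # what the app would display
    print(login(alice, "correct horse battery staple", code, now))
    print(login(alice, "correct horse battery staple", code, now))
```

The replay check (`last_step`) is the part most home-grown implementations forget: without it, a code that someone reads off a screen stays valid for up to 90 seconds with a one-step window. Hardware tokens work the same way on the server side; only the place the secret lives differs.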
2FA Goes Beyond Security to Improve Output
While the primary reason businesses implement 2FA is for the extra layers of security, the methodology of 2FA also enhances employee productivity and operational efficiencies.
Simply by requiring a second form of identification, there is a low probability that a hacker can successfully impersonate an employee and gain access to your systems. If an employee loses a mobile device or a password is stolen, 2FA provides enough time for your company to remedy the issue before too much damage is done.
Beyond these obvious mobile security benefits, 2FA also provides the enterprise with a few other advantages that affect your bottom line.
Employees are now mobile, working on their personal devices outside the office. As a result, they are more productive and businesses are reaping the rewards of this newfound flexibility.
2FA is an effective method to secure mobile devices so that employees can safely access company-owned applications, data, shared documents, and other systems from virtually any device without putting the company at risk. Corporate IT can rest assured that if a device is compromised, 2FA will make it very hard for anyone to gain unauthorized access.
Employee mobility has created a happier and more productive workforce, and 2FA is the best method to provide the security measure that reaches outside the firewall to make it all possible.
Stolen credentials are the biggest security risk for every business, but most companies don't even know when an employee's credentials have been compromised until it is too late.
In the devastating 2014 eBay data breach, the attackers spent over 229 days within eBay's systems because the stolen passwords were logged as legitimate access. 2FA notifies the account owner immediately that their credentials are being used by someone other than them.
If a hacker has both factors, there is a good chance the account owner has already reported a security concern, because it means they are missing a device or have received an alert that is inconsistent with their own activity. 2FA gives the business a new level of awareness to stop crimes before they start.
There are several ways 2FA can help your company save money. The biggest is in preventing a data breach, which can cost a company up to $3 million. Beyond mitigating theft, there are two other ways 2FA can help you save money:
- Reduced Help Desk Inquiries: Time is money, and reducing the amount of time your IT staff spend resetting passwords can save the company a lot of money. According to HDI, at least 35-40% of help desk calls are related to password resets, which require an average of 20 minutes of the help desk technician's time to complete. 2FA gives employees a secure way to reset their own passwords, resulting in fewer calls and more productive employees.
- Cloud-based 2FA: Some larger companies have implemented 2FA using hardware tokens (or "fobs") that employees carry around like a thumb drive. These tokens generate one-time passwords, but they are expensive and hard to manage, as employees often lose them or keep them after they leave the company. Cloud-based tools like Auth0 provide soft tokens like SMS and Push Notifications, giving companies a new, cost-effective way to utilize 2FA.
Identity access management tools allow businesses to implement 2FA for their internal systems in the same way Google, Twitter and Facebook use it to address consumer concerns. Not only will you gain that added layer of security, but the enhanced productivity, awareness and cost savings make 2FA a viable tool for your bottom line.
Empower Your Passwords, Improve Your Business
In the same way we still use keys to unlock our doors, passwords are our preferred method of accessing our digital worlds. Passwords have been part of humanity for ages and are not going anywhere, but that doesn't mean we need to rely on them solely to protect our company's valuable assets.
2FA augments passwords in a unique way that not only adds an important layer of extra security but also enhances employee productivity, helping your bottom line.