Two-Factor Authentication, or 2FA, refers to the number of different ways you authenticate yourself when logging into a device, account, profile, or system. With single-factor authentication, you simply enter your username and password to gain access to your account. However, this is a very insecure way of protecting yourself, because if a single point of entry is breached, even in a separate account, it can cause a chain reaction.
In other words, if somebody found out your email password through a phishing attack, they could access your other accounts (e.g. online banking) by requesting a password reset. The code gets sent to your email, which they have already set up on their computer, and they use that code to change your password and log in to your online banking account. This is certainly one of the worst possibilities; however, it is conceivable.
“You should definitely change your passwords—regularly! By sheer brute force or simple phishing, passwords are, to be honest, a pretty laughable way of authentication.”1
There are a few standard ways in which a person can be authenticated as well as a couple of very specific ways.
Knowledge Factors – This is something the user knows. It can be a password, PIN, or a shared secret.
Possession Factors – This is something the user has. Possession factors include key fobs, RFID badges, or smartphones (sending a verification code via text or voice call).
Inherence Factors – This is a physical characteristic of the user. Commonly called biometrics, it can be a fingerprint, voice recognition, or face/iris recognition.
“Systems with more demanding requirements for security may use location and time as fourth and fifth factors. For example, users may be required to authenticate from specific locations, or during specific time windows.”2
Smartphones are well suited to 2FA because they combine knowledge factors, possession factors, and biometrics. Many phones now have firmware that recognizes fingerprints to unlock the phone, as well as voice and face recognition using the microphone and camera respectively. They can also serve as a second factor for other accounts by receiving a text message with a one-time use code or receiving a voice call to authenticate. “In most cases, the extra authentication is simply a numeric code; a few digits sent to your phone, which can only be used once.”1
But 2FA is nothing new. For example, when you use your credit card and must enter your ZIP code to confirm a charge, this is Two-Factor Authentication. You are using your credit card, which is a possession factor, and you are also using a knowledge factor, knowing your ZIP code.3
Many companies, like Amazon, Google, Microsoft, and Apple, are already using 2FA, to name just a few of the larger entities with important user accounts. But even with these protocols in place, it’s imperative that you abide by them and still change your passwords periodically. Multiple factors of authentication are still hackable, depending on your level of participation.
Salient Facts from the Infographic:
94% of employees are concerned that their organization will be breached or hacked as a result of credential theft, which has increased dramatically with the rise in mobile endpoints.
90% of IT departments plan to implement two-factor authentication for access to cloud applications.
20% of IT support tickets result from lost or forgotten usernames and passwords.
Other interesting facts about passwords and 2FA:
According to Symantec, 80% of security breaches could be prevented with 2FA.
In a US poll, 37% of people said they create more than 50 new account profiles per year; and 20% have had an online account hacked in the last year. More accounts, more threats.
80% of people are worried about online security and 70% no longer trust passwords.
It costs approximately $200,000 to fix issues post data breach for small businesses.4
When you are on Cloud 9:
Remember we said Microsoft and Google already have 2FA abilities? For Office365 and Google Apps users, this feature is available and can be activated. At Cloud 9, we are pushing for two-factor authentication for our users where we can, mainly to keep those phishing attempts at bay.
Although 2FA adds an extra step to your log-in process and depends heavily on patience and willingness to commit, it is certainly more secure than simply entering a single password that can easily be obtained by cyber criminals.