ABC123. QWERTY. MYNAME1234. Rings any bells? These are probably replicas of the first passwords you ever used — and may still use. But the risks of hacked passwords are more real, and the potential costs of breaches (from a corporate standpoint) are stratospherically high. Is it any wonder, then, that enterprises are queuing up to endorse a proven effective mechanism of delivering advanced access and authentication security? We’re talking about two-factor authentication, and this guide will help you understand why your business needs it now.
What’s two-factor authentication, after all?
Most of us have heard of 2FA, albeit not in a business sense. 2FA is an authentication mechanism that lets users access account information and data based on:
- What they know (user name and password — that’s factor #1).
- What they have (a physical device, separate account, etc. where a one-time token is sent to the user — that’s factor #2).
When you enable two-factor authentication for an account, the system sends a digital code to the email address or mobile contact number of the user (an SMS text, an automated call, etc.). Apart from keying in the username and password, the user needs to key in the one-time code received on the physical device or in an email account.
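The server side of the one-time code flow described above, as an added example that is not code from the original article. The function names, the 5-minute validity window and the 5-guess limit are assumptions; delivery by SMS or email is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for a code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code

# username -> pending challenge; only a hash of the code is kept
_pending = {}


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


def issue_code(username, now=None):
    """Create a 6-digit code after the password check has passed.

    The caller sends the returned code to the user's phone or email.
    Issuing a new code replaces any older one for the same user.
    """
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
    _pending[username] = {
        "digest": _digest(code),
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return code


def verify_code(username, submitted, now=None):
    """Return 'ok', 'wrong', 'expired', 'locked' or 'no_code'."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return "no_code"
    if now > entry["expires"]:
        del _pending[username]
        return "expired"
    entry["attempts"] += 1
    # Constant-time comparison avoids leaking how many digits matched.
    if hmac.compare_digest(entry["digest"], _digest(submitted)):
        del _pending[username]  # single use: a code cannot be replayed
        return "ok"
    if entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]  # stop online guessing of the 6 digits
        return "locked"
    return "wrong"
```

A correct code can still be rejected here: once it has expired, been used, or been invalidated by too many wrong guesses, the user has to request a new one.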
Some examples and stats
To understand two-factor authentication, take the example of Apple Pay. The system not only requires you to key in a user name and password for the account, but also needs the registered user’s thumb impression to authenticate a payment. Do not worry, no one is going to take your thumb. Just because the misguided, petty, and childish Loki took an eyeball in “The Avengers” from the German professional and a hand is cut off from the suitcase in the terrific movie “Ronin” does not mean someone is going to take your thumb.
This, in fact, is the most advanced form of 2FA, where the second factor is bio-physical, and not just a physical device. Unless someone is able to steal the user’s phone, crack the user name and password, and force the owner to push his or her thumb on the screen when prompted, it’s not going to happen!
Another example is good old Gmail from Google. If you log in to your account after a long time, or from a different device, Gmail sends a code to your registered mobile phone or calls your mobile number with the one-time code, as an additional layer of access request authentication.
Here are some more points to ponder:
- Gmail, Apple Pay, PayPal, Evernote, Dropbox, LinkedIn — all have 2FA built-in as a standard component of their account access authentication process. If it's important for these Internet giants, it should be good for your enterprise, too.
- A Symantec study revealed that as many as 80 percent of potential security breaches could be avoided by putting 2FA in place.
- In several countries’ banking regulations, service providers are required by law to use 2FA before allowing any payments to go through. And it’s only going to expand and be endorsed by pretty much all countries and institutions concerning digital transactions across the globe. This is already happening.
- Businesses operating in government-controlled industries and markets need to comply with standard protocols (that include 2FA) while dealing with online accounts.
- Companies associated with PCI (https://www.pcisecuritystandards.org/), CJIS (Criminal Justice Information System), and HIPAA, for instance, also need to enable 2FA for online account access.
Why is 2FA so important and successful?
Instead of adding depth to an existing authentication mechanism, 2FA works on adding breadth, and hence makes it exponentially more difficult for remotely located hackers to succeed in their malicious designs.
Complicated user names and passwords just don’t cut it anymore — security has to be multidimensional, and 2FA is the first step an enterprise can take in that direction. Here’s a quick look at some of the best benefits of two-factor authentication:
Better Security, Guaranteed: 2FA makes your business applications, user accounts, customer and vendor information, and pretty much all protected data more secure than ever before, obliterating the chances of a purely password-hacking-based breach succeeding.
Peace of Mind: We’re sure you don’t need to be convinced about the insurmountable risks of data security breaches for businesses; they cost millions, and they inflict irreparable brand damage. No cost is too high for the peace of mind that an enterprise can enjoy once two-factor authentication is in place. Just watch a season or a day of “24” and you know all about this.
The Costs Are Not High: Two-factor authentication is not expensive. When you compare it to a traditional security mechanism’s cost, two-factor authentication is a very feasible decision for an enterprise, even on the cost front.
Guaranteed Employee Buy-In: Once you implement two-factor authentication, employees will necessarily need to use the additional security layer (mostly, their smartphones) to be able to access business applications. This instantly helps enterprises overcome the risks of weak end-user passwords, password sharing among colleagues, and unhealthy password practices in general.
A trade-off on user experience?
There’s a lot of talk about how 2FA is contrary to the general principles of enabling enriched user experiences. Having to look for a physical device, wait for the one-time password to arrive, and key it in within a stipulated timeline does reduce the quality of the user experience.
In some businesses, this even creates risks of loss of sales because of technical issues with one-time password generation and failure of authentication in spite of the correct one-time code. However, a small amount of added annoyance and inconvenience is worth the significant bolstering of user accounts, corporate databases, and business applications that 2FA brings to the table.
2FA: As good as PB&J
Two-factor authentication — the idea is simple enough, kind of like the concept of a peanut butter and jelly sandwich (some sliced bananas can make that sandwich so much better, though that is another topic!).
Now a hacker can’t just access your online accounts by cracking your username and password. They need access to the physical device where the one-time code is sent, and that’s highly unlikely to happen.
Yes, two-factor authentication significantly ramps up digital security by bringing the physical component into the authentication process. If your business is not on board, it better be.