If you’re anything like our clients, you’re always looking for ways to bolster your organization’s security defenses.
One simple solution with big impact is two-factor authentication. What is two-factor authentication, and why do our businesses need to give it some serious consideration? We’ll walk you through it below.
What is two-factor authentication?
Two-factor authentication means precisely what it sounds like: in order to log into any account, you need to authenticate (prove your identity) by way of two different factors.
In most cases, two-factor authentication uses (1) something you know, and (2) something you have.
In our virtual desktop environment, for example, users will first enter their credentials (something they know) in our portal. Next, an alert will automatically be sent to their smartphone (something they have). Once they clear that alert, they’re logged right into their desktop.
The benefit here is that even if someone were to get ahold of your password, they wouldn’t be able to log into your account without also having your smartphone, your fingerprint, or whatever the second form of authentication requires.
Why do our businesses need to consider implementing two-factor authentication?
Unfortunately, passwords can only offer so much protection for your accounts. Did you know that it would take less than a second for a hacker to crack the all-too-common “123456” and “password”?
This is why providers like us go on and on and on about the importance of having complex, unique passwords for all of our accounts – the more complex the password, the harder it’s going to be to crack.
Say your company does have an excellent password policy in place, though. Then the problem becomes how your employees can possibly remember all of these passwords without resorting to writing them down on sticky notes (which, of course, defeats the whole purpose).
To solve this problem, providers like us might suggest that you look into using a password manager like OneLogin or LastPass to keep each person’s passwords organized and locked in a secure vault. But then, if you’ve been paying attention to the news, you’ll notice that these password managers themselves have been hacked on multiple occasions, and are far from a perfect solution.
The moral of the story is that, in order to minimize the risk of unwanted access to our accounts, we need to rely on more than just passwords; we need to put another obstacle between our data and cyber criminals. This is exactly what two-factor authentication does.
What else should we keep in mind?
Before you implement two-factor authentication solutions for your business, consider the following:
- Increased security can mean decreased usability. Whenever you’re implementing a security measure, it’s important to weigh the impact that it will have on your team’s ability to operate effectively; not only are these tools an obstacle for hackers, but they can also be an obstacle for your employees. With two-factor authentication, the inconvenience level is pretty low; as long as the software solution is implemented properly, it should operate seamlessly and only take up a few seconds of your team’s time. But do make sure your team buys into that extra little step to avoid any frustrations (and attempted work-arounds).
- You’ll still need strong passwords. Even if you do implement two-factor authentication, it’s still important that you create and enforce a password policy for your organization. This is for a couple of reasons: (1) not all accounts will support two-factor authentication, so your password will still be your only defense, and (2) making any sort of exception where security is concerned sets a dangerous precedent that it doesn’t actually matter all that much. If your team will need a password manager to handle their credentials, we’d still say it’s okay to use one of these packages if that’s what it takes.
Work with your IT team to identify the best options available to you, roll them out methodically, and spend some time training your staff to make sure they’re comfortable with the change.