Two-Factor Authentication, do you need it?

There was a time when passwords alone were enough to protect business services. But advancements in technology have worked out well for hackers and provided them with the necessary tools to effortlessly hack through passwords. Thankfully, two-factor authentication can help.

Two-factor authentication (2FA), also known as multi-factor authentication (MFA), is an additional layer of security that protects online accounts without any hassle.

Two-factor authentication is already used extensively, and most of us use it unknowingly. A good example of 2FA is a cashpoint. Withdrawing money from an ATM requires a debit card as well as a PIN. If even one of these two specifics were missing, it would be impossible to withdraw money.
While signing in with a password requires only the password, two-factor authentication requires two bits of information – something you have, and something you know.

In the above example of withdrawing cash, the debit card is ‘something you have,’ while the PIN is ‘something you know.’

Online 2FA uses a combination of a standard password with a one-time password (OTP) that is sent to your mobile phone via SMS. Signing in becomes more complex. You would first be required to enter your password. Once you enter your password, an OTP is sent to your phone. The OTP must now be entered to gain access. Without the OTP, it would be impossible to sign in.

Online services such as Yahoo, Google, Apple, and Microsoft use the two-factor authentication service to make doubly sure that hackers cannot hack into your account. If someone were to get hold of your password, they could not get into your account without your phone, which is most likely password-protected.

If you have lost your phone, you have no way to access your SMS messages. But most services offer more than one method to log in, such as the ability to generate backup codes. It is easy to set up a recovery key, which must be stored safely in a password-protected document. This will help you log in even if your phone is misplaced or lost.

Is two-factor authentication necessary?

Generally speaking, an added layer of security is always welcome – especially since many log-ins can be compromised fairly quickly. Two-factor authentication is especially necessary in situations where privacy is of utmost importance. Since 2FA makes use of a code that only a specific user will have (sometimes for a limited time), it is impossible to compromise.

A recent article in the Washington Post highlights how easy it is for hackers to get passwords from owners of smart home cameras, simply by spying on them. According to a Verizon report on data breaches, 80% of data breaches can be avoided by using 2FA. Two-factor authentication is especially important when:

  • You access online storage services such as Dropbox to store or back up data.
  • Your employees remotely log in to your company network to access documents/files.
  • You use a cloud service such as a cloud CRM system (for example, Salesforce) to store sensitive client information.
  • You use mailing services such as Apple, Gmail, or Yahoo.

