May 2, 2016
The value of using two-factor authentication to secure your network
With cyberattacks in the news so often these days, security is a growing concern for businesses of all sizes and in every industry. Here at Next Dimension, we’re always looking for ways our customers can make their networks and users more secure. And user authentication is an excellent place to start.
It’s time to think beyond the password.
Until recently, the default option for user logon was single-factor authentication (SFA), a traditional security process that requires a user name and password for access to a website or network. Given the increasing sophistication of hackers, however, password protection is no longer good enough.
Besides the basic inconvenience of users having to remember or keep track of their passwords, there’s always the risk of passwords being stolen, whether from a discarded sticky note or an old hard drive. And let’s face it, sooner or later any determined hacker can find a way to breach a password-only security system, through methods like brute-force cracking (basic trial and error), dictionary attacks (trying every word in the dictionary) or rainbow table attacks (using precomputed tables that map password hashes back to their plaintext passwords), which is why identity theft is on the rise.
For all these reasons, it makes sense to consider implementing two-factor authentication for the added protection of your network, your employees and your customers.
Two-factor authentication (2FA) is not new. You already use it.
If you’ve withdrawn money from a bank ATM, you’re already familiar with two-factor authentication. You not only needed a bankcard to access your account, you had to enter a PIN (personal identification number) as well. You needed two ways to get into your bank’s network.
As its name implies, two-factor authentication is a security process in which the user has to provide two forms of identification. One form of identification is something the user owns, a physical object like a bankcard, hardware token, smartphone or other device. The other form of identification is something the user knows (typically memorized), such as a PIN, security code or password.
The majority of cyberattacks come from remote Internet connections, and 2FA makes distance attacks less likely, since a user’s password is not sufficient for access and cybercriminals are not likely to have access to the user’s physical form of authentication. Without that second vital piece, remote attackers can’t pretend to be the user and gain authorized access to corporate networks, cloud storage, financial information, etc.
Two-factor authentication comes in many forms.
A variety of vendors, including Apple, Cisco and Microsoft, now offer devices and solutions for 2FA—everything from RFID (radio frequency identification) technology to smartphone apps.
Different online services offer different 2FA methods. The most common include:
- SMS verification: Many Internet sites, such as those of banks, social networks and retailers, allow users to sign up to receive an SMS (short message service, or text) message containing a one-time-use code they need to enter whenever they log into their accounts. The cell phone is essentially the second form of authentication. Hackers can’t get into a user’s account with just a password; they need the password and access to the phone and its SMS message.
- App-generated codes: Some mobile apps can generate temporary authentication codes. The most popular, Google Authenticator, is made for Android and iPhone. Once it’s installed, the app generates new codes about every 30 seconds. Users have to enter the most current code displayed in the app on their phone as well as their password when they log into their account.
- Physical authentication keys: Created by Google and Yubico, U2F is an open authentication standard that simplifies 2FA using specialized USB or NFC devices. Whenever users want to log into their accounts from a new computer, they insert the device and press a button on it. There are no codes to type.
- App-based authentication: Some mobile apps provide two-step verification using the app itself. For example, Twitter’s mobile app allows users to enable “login verification.” Whenever users attempt to log into Twitter from another computer or device, they have to verify that login attempt from the mobile app on their phone.
- Email-based systems: Other services rely on users’ email accounts for authentication. They require users to enter a one-time-use code sent to their email accounts.
Are you ready to take the next step?
While 2FA is not a panacea (no security measure really is), it can dramatically improve your network and users’ security—with reasonably little effort and cost. And Next Dimension can help you implement it.
If you’d like to learn more, contact us and we’ll be happy to recommend the most effective way to implement 2FA for your organization. Your security and peace of mind are top priorities for us.