Does this sound familiar? When logging into an online account or app, you’re asked to enter your password and then required to provide a second form of authentication—such as a code texted to you or generated on your phone using an authenticator app. Once you provide the second form of authentication, you’re granted access to your account. This process is two-factor authentication (2FA) and you have most likely been required to use it by your employer, bank, Apple, or Facebook to secure an online account. According to Cisco, “two-factor authentication is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods—also referred to as authentication factors—to verify your identity. These factors can include something you know—like a username and password—plus something you have—like a smartphone app—to approve authentication requests.” 2FA provides an extra layer of security to ensure that the person trying to gain access to an online account is who they say they are in case their password is stolen.
Two-factor authentication uses
So much of our lives now happens online and our digital accounts are a magnet for hackers and cybercriminals. Used as a fraud prevention method, 2FA requires a consumer or user to confirm their identity before accessing an account. Below are common ways 2FA is used.
- eCommerce transaction confirmation: 2FA helps to prevent eCommerce security and fraud risks.
Have you ever tried to log in to your Amazon account on your phone when you normally shop on your laptop? A message appears saying that Amazon does not recognize your phone as a trusted device. Amazon then requires that you provide your password along with a unique security code delivered by text message or authenticator app. When you enter the code, you’re verifying that you trust the new device. This process protects you as a customer because it helps to ensure that you’re the only person who can access your account—even if someone else knows your Amazon password.
- Device/network authentication: Authenticating a user before allowing him/her access to a secure application on your network is important to protect your company’s digital assets. When your organization has multiple users on its network and so many laptops and other devices that it’s difficult to keep track of them, 2FA offers an additional layer of security. Similarly, if you have an Apple phone, you are most likely familiar with two-factor authentication for your Apple ID. As with online shopping, with two-factor authentication you can only access your account on a trusted device or the web. Companies that utilize 2FA are making sure that their customers and users are who they claim to be.
- Third-party portal access: Organizations also utilize 2FA to connect their employees, information, and content, using products like Microsoft 365. To ensure work can be performed from any device, Microsoft 365 2FA gives businesses a secure means to allow their employees to sign in to their accounts. 2FA protects users from credential theft by making high-risk accounts resistant to phishing and channel jacking.
Benefits to businesses
To combat the challenge of weak or recycled passwords, 2FA provides many benefits.
- Increased security: 61 percent of data breaches involve the use of unauthorized credentials. Requiring two credentials to access an account delivers an extra layer of security to prevent hackers from using stolen passwords, devices, and other individual pieces of information to gain access to an online account. Even if the victim’s password is hacked, the password alone is not enough to pass the authentication check.
- Increased flexibility and productivity: In today’s remote and hybrid work environment, 2FA offers a way for employees to access documents, data, and company applications from any device without compromising the organization’s network-sensitive information.
- Protects brand credibility: 77 percent of consumers have stayed loyal to specific brands for 10 or more years. Brand reputation and cybersecurity go hand-in-hand. When a company’s network is breached, its brand reputation with consumers is likely to be damaged in the aftermath. A Ponemon Institute study found that a data breach affects an organization in the following ways:
  - Damaged consumer trust: When consumers’ private data is leaked, 65 percent of breach victims lose trust in the organization. Once trust is broken, the company’s loyal customers turn to competitors and it’s very difficult to win them back.
  - Financial loss: A company’s total revenue is affected by high customer turnover rates. The study found that “organizations that lost less than two percent of customers after a breach experienced an average revenue loss of $2.67 million, while companies that lost more than five percent of their customers had an average revenue loss of $3.94 million.” Once the breach is publicly disclosed, stock prices drop an average of five percent.
- Ease of implementation: 2FA is non-invasive and does not impact the rest of your organization’s virtual space. It also provides an intuitive user experience that is easily picked up by your employees and consumers with little effort. These combine to make it relatively easy to implement without slowing down productivity.
Mandatory cyber insurance requirements
Over the last two years, there has been an increase in phishing and ransomware attacks, and the costs related to resolving a data breach continue to rise. In May of 2021, a single password was compromised and the Colonial Pipeline was the victim of a ransomware attack that impacted the digital equipment that managed the pipeline. It’s no longer a case of IF your organization will be targeted; it’s now a matter of WHEN. In early 2022, President Biden signed a national security memorandum on improving the nation’s cybersecurity. This order mandates multi-factor authentication (MFA) for all U.S. federal agencies.
Cyber insurance companies understand that businesses of all sizes are targets of cybercriminals. As a result, for any company to get coverage against a cyberattack, cybersecurity insurance providers now mandate that MFA be in place as a minimum requirement to procure cyber liability insurance. If MFA is not enabled on your company’s network and devices, insurance carriers will no longer offer cyber insurance coverage to your business. This insurance covers your organization against any financial losses resulting from data breaches.
Summary: The landscape of work is changing. Traditional office-centric companies are evolving into geographically distributed organizations by embracing a hybrid work model. 78 percent of security and IT leaders feel that remote workers are harder to secure. As the number and sophistication of security breaches continue to climb, two-factor authentication is the single easiest and most cost-effective way to ensure your customer and user accounts are secure in today’s digital consumer and work environment.
Lume’s cybersecurity services feature a layered approach to protection and responsiveness: endpoint protection, DNS protection, and cybersecurity training. Pick and choose a standalone product, or bundle it with other services to implement the most holistic cybersecurity solution. Contact us for more information.
This blog was written by Lume Strategies Director of Professional Services Michael Hensley.