Does this sound familiar? When logging into an online account or app, you’re asked to enter your password and then required to provide a second form of authentication—such as a code texted to you or generated on your phone using an authenticator app. Once you provide the second form of authentication, you’re granted access to your account. This process is two-factor authentication (2FA) and you have most likely been required to use it by your employer, bank, Apple, or Facebook to secure an online account.
According to Cisco, “two-factor authentication is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods—also referred to as authentication factors—to verify your identity. These factors can include something you know—like a username and password—plus something you have—like a smartphone app—to approve authentication requests.”
2FA provides an extra layer of security to ensure that the person trying to gain access to an online account is who they say they are in case their password is stolen.
Two-factor authentication uses
With so much of our daily lives now taking place online, our digital accounts have become a target for hackers and cybercriminals. Used as a fraud prevention method, 2FA requires a consumer or user to confirm their identity before accessing an account. Below are common ways 2FA is used.
- eCommerce transaction confirmation: 2FA helps to keep your eCommerce accounts and transactions secure. Have you ever tried to log in to your Amazon account on your phone when you normally shop on your laptop? A message appears saying that Amazon does not recognize your phone as a trusted device. Amazon then requires you to provide your password along with a unique security code delivered by text message or email. By entering the code, you’re verifying that you trust the new device. This process protects you as a customer because it helps ensure that you’re the only person who can access your account—even if someone else knows your Amazon password.
- Device/network authentication: 2FA provides important protections for company devices and digital assets. With so many laptops and other devices, it can become difficult for organizations to keep track of multiple users on their network. 2FA offers an additional layer of security. Similarly, if you have an Apple phone, you are most likely familiar with two-factor authentication for your Apple ID. Like online shopping, 2FA ensures that only you can access your account on a trusted device or the web. Companies that utilize 2FA are making sure that their users are who they claim to be.
- Third-party portal access: Organizations also utilize 2FA to connect their employees, information, and content, using products like Microsoft 365. To ensure work can be performed from any device, Microsoft 365 2FA allows employees to securely sign in to their accounts. 2FA protects users from credential theft by making high-risk accounts resistant to phishing and channel jacking.
Benefits to businesses
By addressing the challenge of weak or recycled passwords, 2FA provides many benefits.
- Increased security: 74 percent of all breaches include the human element, with people being involved either via error, privilege misuse, use of stolen credentials, or social engineering. Stolen credentials are one of the top three ways that attackers can access an organization. 2FA delivers an extra layer of security to prevent hackers from using stolen passwords, devices, and other individual pieces of information to gain access to an online account. Even if the victim’s password is hacked, the password alone is not enough to pass the authentication check.
- Increased flexibility and productivity: In today’s remote and hybrid work environment, 2FA offers a way for employees to access documents, data, and company applications from any device without compromising the organization’s network-sensitive information.
- Ease of implementation: 2FA is non-invasive and does not impact the rest of your organization’s virtual space. It also provides an intuitive user experience that is quickly picked up by your employees and consumers, making it relatively easy to implement without slowing down productivity.
- Protects brand credibility: 77 percent of consumers have stayed loyal to specific brands for 10 or more years. Brand reputation and cybersecurity go hand-in-hand. When a company’s network is breached, its brand reputation with consumers is likely to be negatively impacted in the aftermath. Research shows that a data breach affects an organization in the following ways:
  - Damaged consumer trust: When consumers’ private data is leaked, 65 percent of breach victims lose trust in the organization. Once trust is broken, the company’s loyal customers turn to competitors, and it’s very difficult to win them back.
  - Financial loss: A company’s total revenue is affected by high customer turnover rates. The study found that “organizations that lost less than two percent of customers after a breach experienced an average revenue loss of $2.67 million, while companies that lost more than five percent of their customers had an average revenue loss of $3.94 million.” Once the breach is publicly disclosed, stock prices drop an average of five percent.
Mandatory cyber insurance requirements
In recent years, there has been an increase in phishing and ransomware attacks, and the costs related to resolving a data breach continue to rise. In May 2021, a single password was compromised and Colonial Pipeline was the victim of a large-scale ransomware attack that impacted the digital equipment managing the pipeline. It’s no longer a case of “if” your organization will be targeted but when. In early 2022, President Biden signed a national security memorandum on improving the nation’s cybersecurity. This order mandates multi-factor authentication (MFA) for all U.S. federal agencies.
Cyber insurance companies understand that businesses of all types and sizes are targets of cybercriminals. As a result, for any company to get coverage against a cyberattack, cybersecurity insurance providers now mandate that MFA be in place as a minimum requirement to procure cyber liability insurance. This insurance covers your organization against any financial losses resulting from data breaches. If MFA is not enabled on your company’s network and devices, insurance carriers will no longer offer cyber insurance coverage to your business.
The landscape of work is changing. Traditional office-centric companies are evolving into geographically distributed organizations by embracing a hybrid work model. 78 percent of security and IT leaders feel that remote workers are harder to secure. As the number and sophistication of security breaches continue to climb, two-factor authentication is the single easiest and most cost-effective way to ensure your customer and user accounts are secure in today’s digital consumer and work environment.
This blog was written by Lume Strategies Director of Professional Services Michael Hensley.