Two-Factor Authentication and the Death of Passwords

Cybercrime is relentless. According to the global cybersecurity firm McAfee, attacks of all types rose again this year from 2018 numbers. In their 2019 report, they note that ransomware attacks alone increased 118% in the first quarter of the year. 8% of all web searches lead to malicious pages and 68% of breaches took 2 months or longer to discover. All in, more than 2 billion accounts were breached during the first quarter alone. It is safe to assume that every business, from corner stores to Fortune 500s, will suffer a security breach at some point.

It’s therefore no wonder that websites and applications increasingly require more than just single-factor authentication – a password – for access. Two-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA), provides an additional layer of security. Most financial institutions, Amazon’s popular AWS, Google, Salesforce, and Office 365 all use 2FA to protect their users and their data. In most cases, it can be enabled for free and, according to Symantec, 80% of security breaches could have been prevented with 2FA.

2020 Could See the End of Passwords

Let’s look at three reasons why this is not as unlikely as it may seem. First, a strong password is simply no longer enough to keep your online accounts secure. Cybercriminals are using cutting-edge software to crack passwords, or just sheer computing power to attempt every possible combination of letters, numbers, and characters. These brute force attacks have been used to gain access to computers, web portals, and online banking.

Another new risk factor is the rapid growth of IoT, the “Internet of Things,” where devices as disparate as routers, watches, and coffee makers are all connected to someone’s network. 2019’s rollout of 5G means that by the end of 2020, there will be literally billions of new connected devices. A recent IoT brute force attack exploited the default username and password combination in a popular brand of internet-connected camera.

Finally, the continuing shift to the mobile work style is presenting hackers with more and more of these vulnerable devices and their unstructured data. Fraudulent mobile transactions and access will continue to increase in 2020 as they did in 2019 and 2018.

Two-Factor Authentication has emerged in response to these threats.

How Does Two-Factor Authentication Work?

2FA combines everyday password-based security with a one-time SMS authentication, or with biometrics like fingerprint scanning and facial recognition. The idea is that a second layer of protection will compensate for weaknesses in the first. The simple act of entering a code that you receive on your phone provides much greater security than using a password alone. In principle, the technology is based on the following concept:

  • Something you know (such as PIN numbers, secret questions, or passwords)
    Plus
  • Something you have (such as a smartphone, laptop, face, voice, retina, or fingerprint)

Hackers may be able to easily crack your login password to gain network access, but hijacking both your work computer and your mobile phone, for example, creates a considerably bigger challenge. Additionally, the latest authenticator apps such as Authy, Google Authenticator, Microsoft Authenticator, and LastPass Authenticator provide extra layers of security. Some will randomly generate ten-digit codes that refresh every few seconds. This makes it exponentially harder for cybercriminals to brute force their way into any system.

2FA for Microsoft Office 365

The best way to understand how 2FA works is with a real-world example. Let’s look at Office 365. Microsoft lets users enter a one-time code received on their mobile devices to log into Office 365. Alternatively, an application like MS Authenticator allows users to simply approve an alert on their phone as the second form of authentication, bypassing the need for a code. Most services that use 2FA involve similar procedures. With two-factor authentication, you and your team will have peace of mind knowing your accounts are much less vulnerable to data breaches.

Why Not?

In most cases, 2FA can be enabled for free. Even though logging in may take an additional step, it usually takes only a few seconds and it’s always worth the effort. Two-Factor Authentication not only increases your security, but it can also help your firm reduce operational costs and maintain productivity in the long run. Plus, you’ll sleep better knowing that you are much safer from the reputational damage, IP loss, or legal repercussions of a data breach.

 

By Greg Bibeau, Managing Director, Terminal B Information Technology Services
