This article was originally shared on staysafeonline.org
Two-Factor Authentication: Is it Necessary?
Two-Factor Authentication – News of data breaches, hacked accounts, and stolen sensitive information has unfortunately become a daily occurrence. Millions of users are left to wonder if their personal data has been compromised, or if they’ve become one of the latest victims of identity theft. For many, the answer is ‘yes’, marking the start of a long and tedious account recovery process.
With the rise of account takeovers, usernames and passwords just aren’t cutting it anymore. A static string of letters, numbers and symbols, no matter how complex or how often it’s changed, is one of the weakest (and most easily forgotten) forms of account protection, and one that hackers can readily bypass. The good news is that users now have improved options to secure their online accounts.
With increasingly widespread support for two-factor authentication (2FA) on websites and mobile apps, individuals are able to add an extra step to their account login process to provide a higher level of security (something you know, plus something you have). However, even as 2FA is becoming natively supported, there is still a gap in getting users to practice 2FA as part of their everyday routine. According to a recent study by Ponemon Research Institute, ‘The 2020 State of Password and Authentication Security Behaviors Report’, less than half of individuals (36%) use 2FA to protect their personal accounts.
Furthermore, in the same research, 76% of individuals who reported being a victim of an account takeover changed how they protected their accounts. Unfortunately, by the time these changes were made, it was too late. From this data, we know that users should be proactively protecting their accounts to mitigate these attacks.
The first step of securing your online accounts is turning on 2FA. However, it’s important to note that not all 2FA options are created equal. A few of the most common 2FA methods include:
SMS 2FA
One-time passwords are sent via SMS (text message) and once received, the code can be copied and pasted into an application. Because of phone number porting scams and SIM swapping, this method has a poor security rating.
Authenticator Apps
An authenticator app such as Google Authenticator is downloaded to your mobile device, and once you scan a QR code in your account’s security settings, the app stores one-time codes that are only valid for a limited amount of time. Although this method is more secure than SMS, it still relies on a mobile device, which isn’t always available or convenient.
Security Keys
A hardware security key is the most secure and convenient 2FA option. In fact, a recent Google study found that security keys were the only method to prevent account takeovers 100% of the time. Security keys, such as a YubiKey, require physical access to the device to log into an account, preventing sophisticated breaches and remote attacks. When prompted during login, you simply need to touch the device to verify your identity. Think of the security key as if it were a physical key to protect your digital world.
…continue reading here.