<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=4052188&amp;fmt=gif">

two-factor-authentication2

In 2014, there were so many major data breaches that it’s barely even news when millions of customer profiles are compromised. It’s easy to think that hackers will find a way to break into our systems no matter what we do. But you might be surprised to find that one simple precaution could protect you from hackers—two-factor authentication.

A recent article in PCWorld warned that companies are setting themselves up for a hack if they don’t take advantage of two-factor authentication.

“While people may claim that the attackers in these breaches are advanced, sophisticated, or state-sponsored, their actual execution is quite simple in nature,” Jon Oberheide, co-founder and CTO of Duo Security, said in the article. “Simple phishing and other credential theft attacks have not only been the initial entry vector to these companies, but also how attackers move laterally within an organization to reach their eventual target." 

The Benefits of Two-Factors

There are usually three ways to prove someone’s identity:

  1. Something you know, like a password

  2. Something you have, like a cell phone

  3. Something you are, like your fingerprint

Usernames and passwords are the most common way to authenticate a person, or to prove they are who they say they are. Even though this method uses two pieces of information, it’s considered single-factor authentication because both the username and password are things you know.

two-factor-authenticationA person’s username is usually fairly easy to guess, and passwords are increasingly easy to crack or steal. In fact, hackers often get access to usernames and passwords through phishing attacks. High-profile breaches like those at Target, Home Depot and Sony started with a simple intrusion. 

“Had those organizations used two-factor authentication, and also required something you have or something you are, the attackers wouldn’t have been able to do much with the username and password,” Tony Bradley, principal analyst with the Bradley Strategy Group, said in a recent PCWorld article. “However, two-factor authentication alone is not enough. It has to be properly implemented two-factor authentication.”

Two-Factor Use Remains Limited

Many companies already use multi-factor authentication, but they only use it for key users or servers. But hackers only need one server that’s not protected by multi-factor authentication to gain access.

“It’s like locking every door and window in your house except for one, and hoping a burglar isn’t thorough enough to find the one unlocked entrance,” Bradley said. “It’s only a matter of time until a username and password is compromised, but as long as the attacker doesn’t also have the mobile phone or fingerprint that goes with those credentials, the data will still be safe.”

Bradley goes on to recommend that all companies and individuals use two or more factors of authentication everywhere possible.

Free e-signature security eBook

You may also like

Credit Union Offers On-Demand Service with SIGNiX Digital Signatures
Credit Union Offers On-Demand Service with SIGNiX Digital Signatures
27 June, 2014

Alamo Federal Credit Union has combined technology with face-to-face member relations to create Concierge Banking. With ...

Credit Unions in Need of Proper Identity Authentication
Credit Unions in Need of Proper Identity Authentication
26 July, 2016

As credit unions increasingly adopt digital technology to make financial transactions more convenient, they face new cha...

Three essentials for an effective credit union website
11 January, 2013

Credit union executives have a lot of unique challenges, and a big one is trying to provide a professional online presen...