You sign into your bank account’s web portal, Facebook account, or [insert website that holds a bunch of personal data here], and it calls you out for your infrequent sign-ins: “hey [name], it’s been a while since you logged on! We want to verify your identity…” and then asks you for the most convenient method of contact for sending you a code to enter. Yes, it’s annoying if you’re not expecting it, yet this 1-minute shuffle to grab your phone and gain access to your information can actually save you hours (or possibly days) correcting an identity theft nightmare or mitigating a cyber-security breach at the office.
So, what is this magic? It’s two-factor authentication.
Two-factor authentication, or “2FA,” is a method of secure access in which the user is required to provide two authentication factors to verify his or her identity. Typically, these authentication factors will derive from three different categories:
- Something that you know (password or pin)
- Something that you have (key fob or remote token)
- Something that you are (biometrics or “inherence factors”: thumbprint, speech verification, retinal scan, etc.)
It’s important to note that 2FA needs to use authentication factors from at least two of these categories (hence the “two-factor”). For example, using a password and a security question as a method of access does not constitute 2FA, since both are something the user knows.
A great example of 2FA in the news is Wells Fargo’s implementation for their ATMs throughout the country. When withdrawing money, you’ll be able to use your PIN in conjunction with a regenerating code on your phone without the requirement of a physical card.
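To make the category rule and the “regenerating code” concrete, here is an added example (not from the original post and not any bank’s implementation). It assumes the phone code is a standard time-based one-time password (RFC 6238); the method names, window size and hashing parameters are choices made for this sketch.

```python
import hashlib
import hmac
import struct
import time

# Categories from the list above; the method names are constructed for this example.
CATEGORY = {
    "password": "know", "pin": "know", "security_question": "know",
    "totp_code": "have", "key_fob": "have",
    "fingerprint": "are", "retinal_scan": "are",
}

def is_two_factor(methods) -> bool:
    """True only when the methods span at least two distinct categories."""
    return len({CATEGORY[m] for m in methods}) >= 2

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the number of 30-second steps since the epoch."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_login(stored_hash, salt, secret, password, code, now=None) -> bool:
    """Knowledge factor (password) AND possession factor (code from the phone)."""
    now = time.time() if now is None else now
    password_ok = hmac.compare_digest(hash_password(password, salt), stored_hash)
    # Assumption: accept the current step and one step either side for clock drift.
    code_ok = any(
        hmac.compare_digest(totp(secret, now + d * 30).encode(), code.encode())
        for d in (-1, 0, 1)
    )
    # Both checks always run, so a failure does not reveal which factor was wrong.
    return password_ok and code_ok
```

A stolen password alone fails `verify_login`, because the code depends on a secret held only by the server and the enrolled phone.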
Why Implement Two-Factor Authentication
So why invest in dual authentication? As the world of hacking continues to evolve, so does our need for enhanced security methods. Here are three big reasons you should consider investing in 2FA.
- Because we have bad habits. Though we are constantly advised against it, most individuals probably use the same password for every site they belong to, change maybe one character when a password reset is required, or have that yellow post-it note stuck under their keyboard with everything written down. 2FA provides an extra layer of security so that even if the user’s password is compromised, the account cannot be accessed without the second authentication type.
- Compliance may require it. While not always specifically called out as a requirement, two-factor authentication or similar security is often recommended when it comes to compliance regulations such as PCI, HIPAA, and FFIEC. It is likely that 2FA will become an “implement or face fines” requirement as laws and guidelines are updated.
- Advancements make it easy to use. 2FA can be implemented in many ways using services and devices you already use regularly, so it’s a great way to invest in security without having to jump through hoops training your employees and investing in more hardware. See the image below for more on this.
While two-factor authentication is a great stride towards a secure environment, it isn’t your one-stop shop for hacking freedom. The more commonplace the protection, the more hacking attempts there will be against it. Having a layered security approach is always the way to go when protecting your business. Check out our website’s security page or recent security updates on our blog for more information on Lloyd’s approach to cyber security.