As more of our daily tasks, purchases, and communications involve being logged into an online service – and as more of our data is at risk of theft and misuse because of it – the level of security required to keep it all under lock and key has had to evolve. Our personal data is at risk every time we store our credit card number, address, or banking information with a web service. And it’s not just our personal data that is potentially exposed. A business must also consider the trade secret and client information that might be stored within the services it uses, such as Google, Slack, and Square. A password alone is simply not enough to keep it all safe. One method of extra security that has become nearly ubiquitous in the past few years is Two-Factor Authentication, sometimes called “2FA.”

 

What is Two Factor Authentication?

A recent article by Eric Griffith at PCMag helps clarify it. He quotes Neil J. Rubenking, PCMag’s lead security analyst, who explains “there are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options.”

There are multiple ways to accomplish the second factor. These include biometric scanners for fingerprints or retina/face scans, and one-time use numeric codes that can be sent to your phone when you attempt to log in to a service. There are even authenticator apps that provide this same service, without using SMS.

The question in 2018 is not “why should I use two-factor authentication” but rather “why wouldn’t I use two-factor authentication?” It is typically easy to set up and free (though messaging and data rates may apply, depending on the type of authentication). It may require an extra step on login, but the seconds it takes easily outweigh the risk of data loss against which merely using a password may not protect.

 

How do I set up Two-Factor Authentication?

Head over to Eric Griffith’s article in PCMag for detailed explanations on how to set up Two-Factor Authentication on more than a dozen popular sites and services (including Google, Apple, Yahoo, Square, Paypal and even social media sites such as Facebook, LinkedIn, and Twitter): https://www.pcmag.com/feature/358289/two-factor-authentication-who-has-it-and-how-to-set-it-up

 

Incident Response and Two-Factor Authentication

In bit-x-bit’s incident response work, we often see that the lack of two-factor authentication is a significant contributing reason enabling an attacker to compromise a business’ systems and information.  This is typically true with cloud-based email, such as Office 365 or Gmail. Two-factor authentication is a necessary measure in protecting your company’s liable assets.