What do Google and most of the latest smartphones have in common? They offer two-factor authentic (2FA).
Over the years, more people have been counting on 2FA to secure their networks and accounts and, thus, protect their personal and commercial assets. But the question is, does it work?
The What and Whys of 2FA
To understand the importance of 2FA is to know what it is. This is a more enhanced security option for online accounts and devices. Anyone who wants to access them, including hackers, need to crack two security layers.
The factors involved in this process include:
- Passwords
- Passcodes, which the platform can send to the email or usually to the mobile device
- Biometrics (e.g., iris or face recognition)
Companies like Cubit Tech can help businesses create 2FA using any combination of the three. For example, an employee who wishes to access a file outside the office might need to input their password and then receive another code on their device.
The significance of 2FA lies on one reason: increased IT risk. Take a BYOD (bring your own device) program, for instance.
In BYOD, the employee can already use their devices (which can also be company-owned) outside the office and access emails, drives, servers, and files. If they connect through a public network, a hacker can easily snoop into the system with more relaxed security.
Worse, theft pandemic is real. According to the Federal Communications Commission (FCC), about 10% of Americans become victims of phone theft. Among these, over 60% couldn’t recover their device anymore. Meanwhile, 44% of these incidents occurred in public settings, such as bars and restaurants, where owners accidentally left their devices.
A lack of another layer of protection could mean that thieves could get hold of sensitive data easily and quickly.
The Growing Concerns
Despite the necessity of 2FA, it is not the holy grail in IT security. For one, it is prone to different hacking techniques, such as a SIM swap attack, an account takeover fraud that hit Twitter’s CEO, Jack Dorsey.
In this scenario, another person hijacked the SIM, so they receive the passcodes instead of the original owner. Hackers can achieve this by either convincing the mobile carrier that the owner lost their SIM or bribing someone working for the provider.
2FAs can also be a hassle. A person might fail to log in if their mobile devices are inaccessible. Sometimes they don’t receive the passcodes and have to repeat the process. Not all phones are excellent in recognizing biometrics, such as fingerprints or faces.
What’s the Bottomline?
Hackers can and will exploit security weaknesses, and people can count on them to break into systems with 2FAs. For others, it can even be a challenge hard to pass up.
All these, though, mean that 2FAs should not be the be-all, end-all IT solution for any business. Company owners have to use them alongside other measures that include:
- Using strong passwords
- Limiting people’s access especially to sensitive files
- Creating a doable and measurable BYOD policy
- Continually educating employees on security breaches
In the end, any business’s security plan must be comprehensive and cover as many bases as possible.