Why is Two Factor Authentication a MUST?

Share on Facebook0Tweet about this on TwitterShare on LinkedIn4

The importance of cybersecurity cannot be underestimated. Indeed, tens of thousands of websites are hacked each day. While this is a fraction of the billion or so websites currently in existence, it’s not just your everyday website that is targeted.

Arguably, as the Internet of Things continues to grow and personal information becomes even more accessible through cloud storage, extra layers of security are going to be required.

The reality is, there’s a never-ending supply of nefarious characters who want to wreak havoc by hacking into various technological devices (including, eventually, driverless cars). Your phones, “smart speakers” (Amazon Echo), security cameras, and even your “smart refrigerator” are “game on” signals to would-be hackers.

While there are specific ways to guard each device, an increasing number of SaaS companies are using two factor authentication (2FA) to deter a massive data breach.

What is Two Factor Authentication?

Certainly, at some point in your social media user experience, you’ve already used two-factor authentication. For example, certain platforms will have you set up the traditional username and password, and then also require a PIN number which has been sent to your phone via text message.

Quite simply, two factor authentication (2FA) prompts the user to provide two pieces of information for proving user identity at an access request point. This can include any of the following factors

  • Knowledge: passwords, PINs, secret questions (e.g. What’s your mother’s middle name?)
  • Possession: security tokens, USB tokens, card readers (e.g. the chips now embedded in a majority of credit and debit cards & credit cards)
  • Inherence: fingerprints, retina scanners, face and voice recognition (e.g. Apple’s fingerprint recognition access for iPhones and iPads)

Consequently, 2FA adds another security layer. However, some factors have greater strength than others. For example, retina, fingerprint, and face recognition scanners are more challenging to breach. After all, your fingerprint is unique to you – and only you. Whereas USB tokens or chips embedded in credit or debit cards are directly transferrable. They can be stolen, and once passwords are cracked, there goes the data!

At some point in the future, the inherence factors will be much more ubiquitous. As for now, most sites, such as Google and Facebook, use the Knowledge factor for 2FA.

Why Only Two Factors?

Most email and social media accounts allow users to set up 2FA. As an example, Google and Facebook both carry the 2FA option and have step by step instructions for activation. But, why only two factors?

The first step in cybersecurity is devising a strong password. A company, or an individual, can have 5 or more layers of authentication, but with a series of weak passwords, hackers will burn through each layer like crepe paper.

The subsequent step is creating a system of roadblocks. However, these can turn into a nightmare for the consumer base. There’s a balance between making sure no one but the user has access and ensuring the user has the easiest access points. Remember, all businesses, including SaaS platforms, are in the business of making money. Ease of use is a primary component of customer service.

As more factors are required just to gain entry into your own email account, frustration levels also increase. So far, 2FA provides that balance between ease of use and protection against a massive data breach.

Also, not all devices are currently equipped for inherently stronger authentication factors such as a fingerprint or retinal scanning. Therefore, the likes of Google, Dropbox, and Tumblr need to maintain accessibility through quick access. As such, Knowledge factors will continue to dominate the 2FA landscape.

The amount of private information being gathered by machine learning algorithms is not decreasing. Identity theft continues to be a concern as $16 billion have been stolen from 15.4 million consumers in the U.S. during the 2016 calendar year.

Summarily, 2FA, at the very least, is a must even for the casual social media consumer.

When it comes time for you to consider implementing 2FA, our experienced team at DEFSYS will collaborate with you to design an authentication system that will further optimise your cybersecurity systems. We’re a phone call away at 1300 333 797. Or, should you prefer, complete our contact form and we will contact you as soon as possible.