Online criminals are more organised than ever. Often, passwords provide ineffective protection from their brute-force attacks and social engineering scams.
If passwords alone are inadequate, two-factor authentication can provide extra security to business services without making signing in an inconvenient process.
So, what is two-factor authentication? And should your business start using it? Read on and we'll explain.
What is two-factor authentication?
As the name suggests, two-factor authentication adds a second layer of protection to your online accounts.
To sign in, you need something you know and something you have.
Using a cashpoint is a form of two-factor authentication. Withdrawing money requires a debit card (something you have) and a PIN (something you know).
Online, two-factor authentication most often combines a standard password with a single-use code that's sent to your mobile phone. This means signing in becomes slightly more complex.
First, you need to enter your password correctly. After a moment, a code arrives on your mobile phone. To gain access, you have to enter that, too:
This kind of two-factor authentication is available with common online services, including Google, Yahoo, Microsoft and Apple accounts. It makes things more secure because a hacker can't break in with only your password.
Certain two-factor authentication services also confirm the location from which the initial log-in attempt was made, which makes identifying malicious log-ins far easier.
Two-factor authentication comes in many different forms. For instance:
- A digital key fob, showing a passcode that changes every minute or two — like the RSA SecurID device, shown in the main image.
- A smart card, which must be inserted into a reader attached to your computer.
- A pocket-sized PIN device like Barclays PINsentry. These are most often used with online banking.
When should you use two-factor authentication?
As a general rule, it's wise to use two-factor authentication with any online or remote services used to store sensitive business data. These might include:
- Remote access to your company network. If staff can sign in to your network to access documents and files, it's wise to add two-factor authentication.
- Online storage services. If you use services like Dropbox to store or backup data, two-factor authentication provides extra protection.
- Cloud services holding sensitive data. For example, if you use a cloud CRM system like Salesforce, you can protect customer data with two-factor authentication.
Where an online service offers two-factor authentication, it's usually relatively easy to activate it.
Unfortunately, not all online services currently provide two-factor authentication. But when it's available, it's best to use it.
There's also an argument that two-factor authentication should be a consideration when evaluating new online services.
For example, it's probably unwise to adopt a cloud backup tool that allows access to files via a simple password.
It can be trickier to implement two-factor authentication with your in-house services. You'll probably need to work with your IT supplier to identify and implement the best two-factor mechanism.
Making two-factor authentication workable
Because two-factor authentication adds an extra step to the sign in process, you need to make sure it doesn't get in the way when your employees are trying to get things done.
Some two-factor services let you strike a compromise between security and accessibility. For instance, you could set up your email so that two-factor authentication is required only every 30 days, or when an employee signs in from a new device.
However, the biggest issue with two-factor authentication is ensuring you always have access to the thing you need to sign in. Text messages are generally reliable, but what do you do if your phone battery goes flat or your mobile network goes down?
A good rule is to have two backup options in case something goes wrong. Often, you can print out a set of one-time codes to keep safe for use in an emergency.
For instance, if you use two-factor authentication with your Apple account, you can print out a code to reset your account as a last resort:
To be extra sure of maintaining access to your data, have another alternative way to access your account settings too. Perhaps you can set up a specific computer in your office, or simply grant access to your IT supplier.
Two-factor authentication is an extremely effective way to protect your data from hackers. It's advisable to use it wherever possible. Just make sure you don't risk leaving yourself locked out, too!