January 16, 2017 by The GLS Team
Do you want to reduce the risk of your customers' sensitive information, like stored credit card numbers, getting hacked? Assuming you said yes, then for the greater good of your organization's security and integrity you need to jump on the two-factor authentication bandwagon. Both businesses and customers have grown accustomed to lazy password habits when their passwords should be stronger, but simply telling your customers and staff to set up strong passwords isn't enough to deter hackers. Two-factor authentication isn't a magic bullet, but it can help make your data more secure.
What is an Authentication Factor?
Authentication factors are types of credentials used to verify your identity. There are several independent categories of credentials, but here are the three most common types of factors:
Knowledge: You know or memorize this factor. The most common modes are passwords and PIN codes.
Possession: A physical token like a key, card, or device. You need to have this token to proceed.
Inherence: What you are. This is really biometric authentication, where something uniquely belonging to your body is used to confirm your identity. It can be fingerprints, retinal scans, facial recognition, voice patterns, DNA samples, or other biological means of verification.
What is Two-Factor Authentication?
Two-factor authentication (or 2FA) is a security process that goes beyond a simple password. It requires that users provide two means of identification. Most commonly, 2FA entails one factor being a physical token (think of swiping a key card at a gym or hotel) while the second factor will be a password or code. Basically, one factor is something you have and the other factor is something you know. Swiping a debit card at a store is another example of 2FA because you need to physically swipe your card, then enter your PIN code. You have the card, and you know the PIN code.
However, you can use any type of credentials in 2FA. Single-factor authentication, on the other hand, is what most people use day to day: a single password to open their email, social media account, or Wi-Fi network, where the only credential required is a password. Logging in to a bank or credit card account is another form of 2FA that is essentially two passwords, because these institutions will want both a password and an answer to a question like your hometown or the name of your favorite teacher.
In the wake of its massive data breach, Target adopted the use of PINs with its store credit cards to make customers feel more secure. Email providers have also begun to enable 2FA in the form of extra passwords, codes, and even facial or voice recognition, as it would be difficult to use a physical card to log in to your email.
To keep incredibly sensitive data secure, you may want to employ multiple-factor authentication (MFA), which is essentially the same as 2FA but uses more than two factors.
Is 2FA a Fail-Safe Defense from Hackers?
While 2FA and MFA are excellent methods of keeping your data secure, they do not wholly prevent breaches from happening. You still need to educate your employees on security procedures and proper handling of tokens and data. 2FA does significantly reduce risk compared to single-factor authentication because there is simply more for hackers to get around. However, risk is still present, both from the attack surface and from the fact that most people are employing knowledge factors as opposed to inherence or possession factors.
Global Learning Systems can help you design a custom 2FA solution for your business and educate you and your employees on 2FA effectiveness, so that your customers can have peace of mind. Contact us today!