A growing number of businesses are reinforcing their network access points by requiring users to complete a second factor of authentication. It's quicker than it sounds and it's likely worth the extra effort for most companies.
In the beginning, there was one factor of authentication. Users would log into their various accounts by simply entering their usernames and passwords. But password-only systems have long proven fallible. Users get sloppy and leave their accounts exposed. Hackers grow more sophisticated. Systems get compromised.
Enter two-factor authentication (2FA). Known also as multifactor authentication, 2FA requires two different means of verifying a user's identity when logging into a secure account. Think of two-factor authentication as having a second, different kind of lock on your door. If an intruder can get through one deterrent, there's still another waiting after it. That second factor of security is enough to foil your average cybercriminal.
To access your account, you must provide two keys or credentials, preferably two of the following types:
- Something you know, such as a password, pattern or personal identification number (PIN).
- Something you have, such as a key fob, RSA token or code sent via an SMS text.
- Something you are, such as a fingerprint, iris scan, voiceprint or even your face.
You'll find plenty of examples of 2FA security already in action. When you go to an ATM and insert your bank card, you must then punch in a passcode. You have the card and you know the code. It's the same thing when you slide your credit card at the gas pump and then enter your zip code. You might have even used an RSA token and PIN to log into your company's network.
User authentication security comes in many forms, although one-time passwords have become a particularly popular form of two-factor authentication when paired with a regular account password. One-time passwords are essentially a token accessible only through a designated device already in your possession. Often the token is delivered to your smartphone in the form of a four-, five- or six-digit PIN, either within an SMS text message or through an app such as Google Authenticator. To log in, you need the regular password and the PIN.
When 2FA security is enabled, hackers have a more difficult time breaking into an account -- even if they get their hands on the username and password. The additional validation method adds a second layer of user authentication security, which can significantly reduce the risk of an account being compromised, an important consideration when trying to protect sensitive company data.
Although 2FA is more work for the user logging on to corporate or consumer systems, the boost in security far outweighs any inconvenience. Organizations can feel more confident in the services that employees are using when those services employ the extra validation step.