Why everyone should care about two-factor authentication
In the age of BYOD, corporate employees and consumers alike have access to incredible computing power in the palms of their hands. With almost our entire digital lives available through these devices and the ability they grant us to conduct business from anywhere, smart devices have become an omnipresent boon to our existence.
They have also become a bit of a curse when it comes to security.
Over the past several years, we have seen a steadily increasing cadence of major breaches to companies in all industries, which impacts the way business is conducted and puts sensitive personal and corporate data at risk of falling into the hands of hackers. Understandably, it also creates a significant amount of fear, uncertainty and doubt (FUD), which threatens to impede all of the technological progress that we’ve made as a society, ultimately discouraging people from using online resources.
Granted, organizations must respond quickly when evidence of a breach shows up on their networks, but oftentimes, significant damage is already done way before detection occurs. This isn’t to say that we aren’t taking positive steps toward prevention of these attacks, but what it comes down to is, if you’ll allow me to turn a phrase, it takes a village.
While organizations are in a mad scramble to fortify their sensitive IT assets, as well as those of their users and customers, there is still another variable in this equation that is sorely lacking, and that is the end users, be they corporate employees or consumers.
It is no secret that the ability to use personally-owned devices in the corporate world affords users the freedom to do their jobs from any location on almost any device. Workers in the past never had this much flexibility. But because this is a relatively new phenomenon, users don’t always know how to secure their devices with the latest OS and patch updates, which would help bolster company IT departments’ security postures, and help prevent new threats from gaining a foothold on the network via insecure endpoints. In fact, in a 2014 report, Gartner predicted that the target of endpoint breaches would shift from desktop devices to mobile devices such as tablets and smartphones, which is a direct result of the growing BYOD trend.
Much of the message in the rapidly-increasing number of breach stories today is that companies are stepping up efforts to have their users regularly change their passwords, and more importantly, to use passwords that aren’t easily guessed. From a holistic security standpoint this is certainly a smart move, but from an industry perspective it isn’t anywhere near enough. Requiring employees to memorize complex passwords is poor security policy and, frankly, just won’t happen. Humans are not wired this way.
Enter two-factor authentication
Two-factor authentication (2FA) is a technology that has been around for over 30 years, and was designed to add another layer of protection for users when accessing sensitive data. The concept of two-factor revolves around something the user knows (such as a password) coupled with something the user has (such as a USB token, or in our case, a mobile phone).
Though 2FA greatly increases the level of security for a user, and by proxy, the network that user is accessing, the technology has often been dismissed because users found two-factor tedious, time consuming and complex.
Worse, early 2FA solutions required users to carry around additional tokens to complete the process, so if a user lost the token, or simply did not have it at hand, access was impossible.
IT teams found that traditional two-factor led to hidden costs for replacing tokens their employees washed with their laundry, and they dealt with an increase in help desk tickets from those same confused employees.
The next generation of 2FA, however, is a game changer. Given that so many people own (and swear by) their personal devices, whether it’s a phone, tablet or wearable, they can now implement 2FA directly on those devices rather than needing to carry a separate device for authentication. This not only removes the risk of a lost or stolen USB dongle or smart card, but also greatly simplifies the process of authenticating to networks or Web-based applications. And an internet connection isn’t even required in order to authenticate, which is important for employees who are on the road and in flight while trying to get work done.
Additionally, with the new generation of 2FA technologies, IT departments gain much greater visibility into the devices accessing their networks. Vital information such as which OS and which version of that OS the device is running and whether a device has the latest patches can help IT administrators better determine whether a particular device should be allowed on the network, or if its access should be limited to non-essential and low-security files. That same visibility is available even for personal laptops and non-mobile, unmanaged devices. A strong endpoint security solution can also help analyze which devices may be running out-of-date or high-risk applications such as Java or Flash. IT now has the necessary information to isolate at-risk devices and require users to update prior to accessing the network.
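A sketch of the access decision described above, as an added example that is not from the article or any product. The minimum OS versions, the `Device` fields and the three access tiers are assumptions constructed for illustration; only Java and Flash as high-risk applications come from the text.

```python
from dataclasses import dataclass, field

# Assumed policy values, constructed for illustration only.
MIN_OS = {"ios": (9, 3), "android": (6, 0), "windows": (10, 0), "macos": (10, 11)}
HIGH_RISK_APPS = {"java", "flash"}  # the two the article names


@dataclass
class Device:
    user: str
    os: str
    os_version: str
    patched: bool                               # latest patches installed?
    apps: dict = field(default_factory=dict)    # app name -> up to date?


def parse_version(text: str) -> tuple:
    """'10.11.6' -> (10, 11, 6); a non-numeric part makes the version unknown."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return ()


def below(version: tuple, minimum: tuple) -> bool:
    """Compare after zero-padding, so '10' is not treated as older than '10.0'."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(minimum)


def decide(dev: Device):
    """Return (access, reasons): 'full', 'limited' or 'update_required'."""
    minimum = MIN_OS.get(dev.os.lower())
    version = parse_version(dev.os_version)
    if minimum is None or not version:
        return "update_required", ["unknown OS or version"]
    if below(version, minimum):
        return "update_required", [f"{dev.os} {dev.os_version} below minimum"]
    reasons = [] if dev.patched else ["missing latest patches"]
    stale = sorted(app for app, current in dev.apps.items()
                   if app.lower() in HIGH_RISK_APPS and not current)
    reasons += [f"out-of-date {app}" for app in stale]
    return ("limited" if reasons else "full"), reasons
```

Unknown or unparseable platforms fail closed to `update_required` rather than falling through to `full`.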
Regardless of how strong your user passwords might be, relying upon passwords as the single line of defense in securing your networks and personal smart devices is simply not good practice. New endpoint solutions such as next-generation 2FA provide you with much greater visibility and control over devices and data, and make it exponentially more difficult for hackers to compromise your networks. And now, it’s so much easier for your employees to log in and get their work done with a single click of a button on their phone, without having to mess around with tokens at all.