May 17, 2016
Password security on its own isn't enough to protect your organisation. To secure your data and ward off attack, it's time to roll out two factor authentication. Today, we're looking at 5 helpful tips for implementing safe and secure two factor authentication.
The Problem with Passwords
When we talk about cyber security, most organisations think the buck stops with their password systems. Unfortunately, weak passwords are a serious problem in most organisations. If even a handful of employees choose '12345' or 'password' for their login credentials, it becomes extremely easy for a malicious third party to guess those credentials and access supposedly secure systems. Worse still, passwords are often reused across multiple systems, so a single leaked or guessed password can unlock vast quantities of sensitive data in one fell swoop.
What is Two Factor Authentication?
Two factor authentication (or 2FA) is a login process that provides organisations with an extra layer of security. In addition to a password (something the user knows), logging in to a secure system or piece of software requires a second, independent form of authentication: typically something the user has (a card, token or phone) or something the user is (a biometric). The two factors must come from different categories, which is what makes the scheme work. A would-be attacker needs more than just a stolen password to gain access: they also need the physical device, or the person, that supplies the second factor.
Tips for Implementing 2FA
1) Ensure Two Factor Authentication is Necessary
The addition of two factor authentication will boost your organisation's security - but as with any new initiative, it'll incur additional costs, require additional time, and increase the complexity of your system design. With that in mind, it's important to ensure that 2FA makes sense for the system in question. This is typically the case for any application that handles sensitive data, performs critical business functionality, or is reachable from the internet (remote access, email, administrative consoles) - with the additional layer of security more than offsetting the increased cost.
2) Choose the Right Type of Authentication
Two factor authentication comes in a wide range of shapes and sizes, with different methods of authentication having their own sets of pros and cons.
- Physical device authentication uses hardware keys, smart cards or USB tokens, unique to each individual user. The secret never leaves the device, so it cannot be copied by malware on the workstation.
- Smartphone authentication is the most common form of 2FA. A time-limited, single-use code is either generated on the employee's device by an authenticator app or sent to it by SMS. Prefer app-generated codes or push approvals: SMS codes can be intercepted or redirected through SIM-swap fraud.
- Knowledge-based checks (a PIN, a security question or another piece of memorable information) are the same category of factor as the password. A PIN on top of a password is two secrets, not two factors, so it only counts as 2FA when paired with a device or a biometric.
- Biometric systems commonly use fingerprints, voice recognition or retinal scans to verify users. Though effective, these systems can be prohibitively expensive for most organisations, and a compromised biometric cannot be reissued the way a token can.
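The time-limited codes mentioned under smartphone authentication are usually RFC 6238 TOTP: an HMAC over a counter derived from the current time, truncated to six digits. The following is an added example (not code from the original article) showing both sides, the code generation an authenticator app performs and the two checks a verifier needs: a small window for clock drift, and rejection of a code that has already been accepted so a shoulder-surfed or phished code cannot be replayed within its 30-second step. The secret is the published RFC 6238 test seed, so the outputs match the RFC's test vectors; the class name `TotpVerifier` and the `window` parameter are this example's own.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo secret: the RFC 4226/6238 test seed, base32-encoded as
# authenticator apps expect it. In production this is generated per user.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step).
    This is what the employee's authenticator app computes."""
    return hotp(base64.b32decode(secret_b32), at // step)


class TotpVerifier:
    """Server-side verifier. `window` is how many steps of clock drift to
    tolerate on either side; `last_counter` remembers the newest step already
    used so the same code is never accepted twice."""

    def __init__(self, secret_b32: str, window: int = 1):
        self.secret = base64.b32decode(secret_b32)
        self.window = window
        self.last_counter = -1

    def verify(self, code: str, now: int) -> bool:
        if not (code.isdigit() and len(code) == DIGITS):
            return False
        counter = now // STEP
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate <= self.last_counter:
                continue  # replay protection: this step was already consumed
            # constant-time comparison so the check does not leak which digits matched
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    v = TotpVerifier(SECRET_B32)
    code = totp(SECRET_B32, 59)          # RFC vector: "287082"
    print(code, v.verify(code, 59))      # True on first use
    print(code, v.verify(code, 59))      # False: replay within the same step
```

In a real deployment the secret is stored per user, `last_counter` is persisted alongside it, and failed attempts are rate-limited, since a six-digit code with a three-step window gives an online guesser roughly a 1-in-333,000 chance per try.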
3) Avoid Cookie-Based 2FA
Some vendors rely on a cookie or device fingerprint on the client machine as their second factor. Unfortunately, this approach isn't true two factor verification:
- A cookie identifies the browser profile, not the individual user; anyone who sits down at, or steals, that machine inherits it.
- A cookie lives alongside the password-protected session on the same machine, so malware or a stolen browser profile captures both at once. A physically separate device, such as a token or phone, does not share that failure mode.
4) Shop Around
There are a handful of 'big name' providers in the 2FA market, but increasingly, a growing number of software-as-a-service (SaaS) providers are offering secure two factor authentication in an extremely cost-effective way. If you've previously been put off purchasing by the apparent expense of a two factor system, it might be worth investigating some of the newer entrants to the market.
5) Educate Your Employees
No security system is infallible, and there's no substitute for a well-informed, security-aware workforce. By educating users and employees about the best practices of cyber security, you add another line of defence to your systems - reducing the likelihood of weak passwords, one-time codes handed to a phishing site, lost devices that go unreported, and suspicious behaviour that goes unnoticed.