Why It’s Vital to Use Two-Factor Authentication for All Company Logins
Login credentials are one of the hottest commodities on the Dark Web. Stolen Office 365 company username/password combinations can go for anywhere between $15 and $100, depending upon the company size and administrative privileges.
The reason passwords are so lucrative for cyber criminals is that they can often get a hacker past certain security measures and into a treasure trove of sensitive information and client or user databases.
User passwords are compromised in a number of ways:
- Through password hacking software
- From weak user password practices (too easy passwords, reuse of passwords)
- Hacking an admin password to gain access to other user login credentials
- Data breaches at large retailers that involve their database of user logins
With those stolen login credentials, hackers can steal money by accessing mobile wallets or other money-related sites or apps, access Office 365 email and send out phishing emails from a company account, or conduct any number of other criminal activities.
One of the best ways to combat compromised passwords is through the use of two-factor authentication (2FA).
Why is Two-Factor Authentication So Important?
While most people understand the importance of creating strong passwords and not reusing the same password in multiple places, many adopt poor password habits regardless.
According to the 2019 State of Password and Authentication Security Behaviors report, 51% of employees surveyed reuse passwords across business and personal accounts. Of those who have experienced a phishing attack, 57% have not changed their password behaviors afterwards.
Two-factor authentication (also referred to as multi-factor authentication) is a way to protect humans from themselves. While people know they should be using better password habits, many don’t because they simply have too many passwords to keep up with on a daily basis.
Using 2FA protects the accounts someone is logging into by keeping out a hacker even if they have the login name and password.
How Does Two-Factor Authentication Work?
Authentication for access to an application or website can be done using three main categories:
- What you know: A username and password combination or challenge question
- What you have: A smartphone or other device that can receive an authentication code
- What you are: A fingerprint or retinal scan
The default for most accounts that we set up, whether it’s an online banking account or our company’s CRM program, is to use the first factor of authentication, a username/password combination.
When two-factor authentication is enabled, it adds a second step before allowing you to gain access to an account. That step is generally the second factor “what you have.”
Common forms of 2FA are:
- A code that is sent to your smartphone via text or through an authenticator app
- A code that is sent via onscreen alert to a designated device (mobile or PC)
- A code that is sent to a small device, or security key, that is designed only for that purpose (often used by financial institutions)
How is 2FA Enabled?
Most cloud service accounts, like Google, PayPal, Office 365, bank accounts etc., will offer the ability to turn on two-factor authentication. While some do, most do not have it on by default, so you need to look in your application settings to enable it.
When you do this, you’ll set up a mobile phone or other device at that time to receive the code that needs to be entered upon login.
For companywide accounts, like Office 365, administrators can turn on a feature that requires multi-factor authentication for all users.
There are also applications that can manage 2FA across multiple applications, so users have a consistent experience no matter where they are logging in.
Success Rates of Two-Factor Authentication
2FA is such a vital part of your company’s data security strategy because it can significantly reduce data breaches and malware infections that result from compromised passwords.
Google and researchers from two universities conducted a year-long study of the effectiveness of two-factor authentication, and here’s what they found.
- Using an on-device prompt for 2FA:
  - 100% of automated bot attacks were stopped
  - 99% of bulk phishing attacks were stopped
  - 90% of targeted attacks were stopped
- Using an SMS code prompt for 2FA:
  - 100% of automated bot attacks were stopped
  - 96% of bulk phishing attacks were stopped
  - 76% of targeted attacks were stopped
- Using a security key prompt for 2FA:
  - 100% of automated bot attacks were stopped
  - 100% of bulk phishing attacks were stopped
  - 100% of targeted attacks were stopped
The success of two-factor authentication shows that it’s a very effective way to keep accounts from being compromised, which makes it important for companies to deploy in their cybersecurity strategy.
Strengthen Your Defenses with a Free Cybersecurity Assessment
Does your company use 2FA for all your business apps and website logins? How strong is your overall cybersecurity hygiene? Don’t leave yourself open to a data breach. Get a free cybersecurity assessment and find out where you stand.
Schedule your free assessment today! Call 407-536-8381 or reach us online.