Protecting organisations and users with Two Factor Authentication
Cyber security experts have reviewed the methods criminals use to hack organisations and have found that organisations who deploy Two Factor Authentication are significantly safer than those who do not.
Why we need Two Factor Authentication
With much of our business carried out electronically we have become more open to criminals.
Hacks, data breaches and other forms of cyber-crime are growing and evolving, which means new ways to keep company data secure is more important than ever. A strong password is a great form of defence but if that is compromised or bypassed then the criminal can achieve unlimited access.
Two Factor Authentication is a security process that includes a second way to verify yourself online, it is also known as ‘TFA’, ‘2FA’, ‘Two-Step’ or ‘Verification’. TFA requires employees and other authorised personnel to prove their identity and qualifications to access certain files or systems in addition to the password – for example you enter y a password on your computer and a verification code is sent to your phone by text.
With TFA stolen passwords are no longer enough on their own to breach an organisations data with this second layer of cyber-security for organisations. TFA keeps criminals at bay and helps to protect systems, customer files and other sensitive information.
How to know when to set up Two Factor Authentication
The National Cyber Security Centre (NCSC) recommends organisations set up two-factor authentication on any ‘high value’ accounts that protect important information.
The NCSC also recommends that companies set this up for email accounts in order to avoid a hacker accessing an email account to reset passwords and usernames.
Two Factor Authentication can also be requested by Cyber Insurance providers to mitigate the risk of a cyber security incident because they have seen the consequences of not having TFA.
How to set it up
Two Factor Authentication may already be enabled by many online services, or it is a setting that can be easily turned on in the account settings.
For businesses wanting to include TFA into their business there are a few options available such as:
- Text Messages – a text message is sent to the user’s phone number that has previously been set up as part of the two factor authentication process, the message will typically include a verification code that needs to be input into the system to conclude the login process. This is not always 100% secure as cyber-criminals could have intercepted your mobile, SIM card or mobile network.
- Authentication Apps – Apps for mobile phones or tablets are the most common alternative means of two factor authentication after text messages. The benefit of these apps is that they do not rely a mobile signal to work.
- Backup Codes – Some online services can provide users with a list of backup codes for two-factor authentication. Each code can only be used once but works well if there is no reliable access to a mobile phone.
It would be beneficial to discuss the options with a cyber-security professional to determine the best one for your needs.
For more information and specialist advice on Cyber Insurance, and the use of Two Factor Authorisation for your organisation, please call us 01905 21681.