“Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.” – Chris Pirillo, Tech entrepreneur and thought leader
Over the past decade, the world has witnessed massive technological progress. From Artificial Intelligence and Blockchain to Augmented Reality and Computer Vision – we live in truly exciting times. But another sober reality is intruding on this excitement – the rise in cybercrime. In the recent past, a host of new and sophisticated cybersecurity threats have evolved, which has put organizations all over the world on high alert. In an effort to mitigate these threats, and to protect their networks, applications, and data from hackers and fraudsters, organizations are constantly looking to strengthen their IT/cybersecurity armory with newer weapons. One such weapon is two-factor authentication (2FA).
Bye-bye single-factor authentication
Traditional password-based systems are single-factor authentication (SFA) systems that require only one factor – a password – for user validation and authentication. This approach is simple, but in today’s complex technological environment it is both inadequate and highly risky. Most people don’t bother to create strong passwords (123456 is still exceedingly popular!), don’t store them securely, and often reuse them across accounts. These human weaknesses are what make passwords ridiculously easy to guess, intercept, and steal. Result: compromised accounts and everything that entails!
Here’s where two-factor authentication delivers an extra layer of protection for user accounts that traditional password-only systems simply cannot provide. Sometimes referred to as two-step verification or dual-factor authentication, 2FA systems require users to provide two factors, often an alphanumeric password and a One-time Password (OTP) code. Other factors such as fingerprints, voiceprints, or retinal scans are also used, although they are not as common as passwords and OTPs.
Although not impregnable or as effective as multi-factor authentication (MFA), 2-factor authentication does significantly decrease the risk of bad actors gaining unauthorized access to a system, device, or account through phishing attempts, social engineering, keylogging or password brute-force attacks. This is one reason why many organizations that collect and/or store ‘personal data’ in virtually every industry – from retail, banking, and healthcare to education, media, and travel, to name but a few – are incorporating 2FA into their security ecosystems. Even governments are embracing 2-factor authentication to secure their networks and to protect the people who rely on their services.
What are the other reasons for the popularity of two-factor authentication? What are its benefits?
What are the benefits of two-factor authentication?
Two-factor authentication offers a number of benefits for both organizations and end-users.
Benefits for organizations
i. Improved security and fraud prevention
We already know that passwords are notoriously easy to intercept and steal. 2-factor authentication provides an effective means to mitigate this challenge because it does not rely on passwords alone. By using a second factor such as an OTP or a ‘biometric’ characteristic like fingerprint or voiceprint, 2FA is more difficult to crack, thus decreasing the probability that a bad actor can gain unauthorized access to a system.
Furthermore, when 2FA is enabled via a device (say, a Smartphone), the criminal needs access to both the password and the device – a highly improbable eventuality. This further decreases their chances of impersonating the user and perpetrating any kind of fraud.
Finally, multiple layers of 2FA can be implemented for separate actions, such as password + SMS for account access and SMS + fingerprints for transactions. This minimizes fraud risk even more.
ii. Reduced helpdesk operating costs
Password reset requests are among the most common reasons behind support calls to IT helpdesks (35-40%, according to industry research group HDI). This is not only time-consuming but also costly. By replacing passwords with a 2FA approach, organizations can provide a safe and secure way for users to reset their own passwords. This means fewer password reset calls, which can reduce the time pressure on helpdesk staff while also reducing operating costs for the organization.
iii. Increased employee productivity
A lot of organizations are embracing mobility to improve their business processes and boost workforce productivity. 2-factor authentication can play a significant role in realizing both benefits.
With mobile-based 2FA, employees can work remotely from virtually anywhere and securely access enterprise applications, data, and documents without risking the organization’s network or its sensitive, business-critical information. This gives them the flexibility to manage their time better which improves their productivity. It can even increase employee retention – a huge boon for organizations everywhere.
iv. More meaningful customer relationships
Cybercrimes like data theft, fraudulent transactions, or outright identity theft don’t affect organizations or end-users in isolated ‘silos’. They also adversely impact the relationships between these users and organizations, regardless of whether or not the organization was directly responsible for the breach. Because 2FA provides an additional layer of protection for organizations as well as for customers and their transactions, it indicates that the organization is making an effort to protect their customers. This often results in increased customer loyalty and creates more opportunities for meaningful customer interactions, which then results in better customer retention and increased repeat sales.
Benefits for end-users
i. Data/account security, fraud prevention, and identity protection
Users also benefit from the increased security provided by 2-factor authentication. In an SFA system, a breach could mean irreversible loss of control which could result in a long process of account recovery (which is not always successful) or even permanent account closure. But with a 2FA system, even if their account is hacked and their password is stolen, users can still regain and retain control over the account by changing the password.
Cases of identity theft are increasing at an alarming rate, particularly in the US. The monetary value of such frauds is also constantly increasing ($16.8 million in 2017 according to the 2018 Identity Fraud Study by Javelin Strategy & Research). Non-password-dependent 2FA makes it more difficult for bad actors to steal identities and thus reduces the risk of identity theft.
ii. Greater convenience
In addition to security, the dual-level authentication provided by 2FA enables users to log in to their accounts without a password if the two factors are, for example, an SMS PIN and a fingerprint. This is a more convenient way to access accounts in the modern era where every user has a multitude of accounts and already a plethora of passwords to keep track of.
Benefits of two-factor authentication for BYOD
BYOD or Bring Your Own Device is an increasingly popular practice with organizations and their employees all over the world. It refers to employees using their own devices – such as a Smartphone or laptop – to access the company’s network, documents, and data, either from the company’s premises or from a remote location. This empowers them to connect to work resources on the go and maintain flexible schedules that can increase their productivity and work satisfaction.
However, BYOD can also present some serious security challenges to the organization. Two-factor authentication can help mitigate these challenges so organizations can take full advantage of BYOD’s benefits.
Some of the critical BYOD elements that 2-factor authentication protects include:
- Email attachments: Even if attachments contain malware, users can protect their credentials and devices by confirming every login attempt with 2FA
- Cloud storage: Cloud users can validate every login attempt with 2FA on their personal devices from anywhere
- Open WiFi networks: 2FA protects users on open WiFi/public networks from attempts to steal their username and/or password
- Protection from Man-in-the-Middle attacks: Even if a password is compromised by a MitM attack, 2FA does not allow the hacker to ‘spoof’ push notifications to the user’s device and compromise it
Usually, 2FA works in exactly the same way when a user is traveling as it would when they are at home or at work, making it both a reliable and convenient authentication method.
The safest two-factor authentication methods
As 2-factor authentication has entered the mainstream, a number of methods have become available to expand its scope of reliability and convenience:
- U2F (hardware) token OTP
- Cell phone OTP via SMS and/or voice calls
- Email OTP
- Cell phone ‘push’ notifications
- Software tokens aka mobile authenticator apps aka Time-based OTP (TOTP)
- Helpdesk OTP
There are some variations in the safety and security offered by each method. In general, software tokens or TOTPs offer the safest and most convenient method for two-factor authentication.
In modern times, consumers and employees all expect unprecedented levels of digital convenience at work and at play. This opens the door for huge business opportunities for organizations, but it also raises some serious security challenges. Two-factor authentication technology provides the means to address these challenges by empowering organizations across many industries to secure their networks and user endpoints.