BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

What You Need to Know About Two Factor Authentication

Everything You Should Know About Two Factor Authentication

Does your business use 2FA? With the prevalence of data breaches today, it’s time to start employing this simple security feature within your business.  


Without a doubt, you’ve read and heard about the rampant cybersecurity problems that are insidiously plaguing businesses today. Municipalities in places like Florida, South Carolina, and elsewhere are having access to their systems denied unless they pay hundreds of thousands of dollars. Businesses of all sizes and in all industries are being shut out of their data until they do the same.

As a business owner or manager yourself, you are probably concerned about whether your organization will fall victim to the same fate. What can you do to prevent a cybersecurity attack?

You may be surprised to know that the fate of your business’s security probably lies within a straightforward thing that you and all of your coworkers and employees use every day: passwords.

The fact of the matter is that most people in your business are putting your data and systems at risk every day with the weak login credentials they use. That is, many people use the same password for all of their accounts — both personal and business related. Furthermore, many people use passwords that are way too simple and easy to guess by hackers — the name of the street that they live on, the name of their pet, their date of birth, or their anniversary date.

It’s hard to stop people from doing this because most employees don’t think that their password really matters. They assume that it will never be guessed by anyone (how could it be?), and as long as they don’t share it with anyone, it’s good enough to keep would-be cybercriminals at bay.

Unfortunately, this is not the case.

The only way to indeed keep hackers from guessing passwords or using high-tech trial and error algorithms to uncover passwords is to use two-factor authentication, also known as 2FA.

What Is 2FA?

2FA or two-factor authentication is a security system that forces users to have two proofs of identity before they can log in to a database, program, computer, or network. This is a system that you should be using at home and within your business.

As the name implies, there are two elements of two-factor authentication. First, the user must provide something they know. This could be a password or passcode, a pin number, or the answer to a secret question.

Next, the user must provide proof of something they have. For example, the two-factor authentication prompt may ask that the individual put in their credit card number (because their credit card number is something they possess). Likewise, some organizations will give each individual employee a security token that actually stays in their possession. This might be an RSA security device, a Google Authenticator, or something else. This device will be activated when prompted during login and will provide a passcode or pin that changes frequently. Another option is biometric authentication, such as an iris scan, voiceprint, or fingerprint.

Has Your IT Services Company Spoken to You About 2FA?

As the owner or manager of your business, it shouldn’t be your responsibility to ensure the security of your sensitive data and network systems. This responsibility falls on the shoulders of your IT services company, and within their security division, one of the pillars of a robust cybersecurity strategy should be two-factor authentication.

If your IT services company has not spoken to you about employing a two-factor authentication system, don’t wait to ask them about it. The foundational necessity of this simple security measure suggests that if they haven’t already employed it, they’re probably not doing their job in other ways.

In that case, it’s time to find a new managed services provider. Give us a call, send us an email, or visit our website today to learn how we can help.

Two Factor Authentication

More Like This

AA20-266A: LokiBot Malware

Original release date: September 22, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions by the Multi-State Information Sharing & Analysis Center (MS-ISAC). …

AA20-266A: LokiBot Malware Read More »

Read More

AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities

Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI). CISA and …

AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities Read More »

Read More

AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with varying degrees of …

AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity Read More »

Read More

AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity

Original release date: September 1, 2020 Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of …

AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity Read More »

Read More

AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

Original release date: August 26, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), …

AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks Read More »

Read More

AA20-227A: Phishing Emails Used to Deploy KONNI Malware

Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic …

AA20-227A: Phishing Emails Used to Deploy KONNI Malware Read More »

Read More