Cyberattacks are on the rise. Tech Republic notes that malware makers are leveraging more ransomware to steal user data, and in most cases it takes only a few minutes to breach desktops or mobile devices [1]. Many companies now leverage the benefits of two-factor authentication (2FA) to reduce the chance of corporate compromise. Biometric Update reveals that 93 percent of companies use 2FA to secure at least one critical application [2]. For individual users, meanwhile, it often seems like too much trouble to implement another security solution. Aren't complex passwords good enough?
So what exactly is 2FA, and how does it help protect your data?
The password problem
Usernames and carefully chosen passwords are the best way to safeguard email accounts and mobile devices, right? Not really. According to Time, users have a habit of picking easy-to-remember passwords that are also incredibly easy for hackers to guess [3]. Among the worst passwords for 2017 were "Password," "123456" and "starwars." Passwords are also often reused across multiple accounts, making it possible for attackers to compromise one account after another in quick succession.
While some tech experts have suggested that the password is "dead" and should be abandoned as a security tool, its familiarity and simplicity make it a critical part of the security landscape. That's where two-factor authentication comes in handy.
Two-factor authentication can be broken down into two categories: something you have and something you know. Credit cards are a perfect example. The first factor is your credit card, something you have. The second factor is your PIN, something you know. Combining the two significantly reduces the chance of someone using your card without your permission.
CNet indicates that the biggest benefit here is that even if hackers manage to figure out your username and password, they still can't get past the second factor. This, in turn, keeps them out of your accounts [4]. Additionally, many services will notify users if 2FA data is entered incorrectly or if attackers attempt to circumvent this protection.
The benefits of two-factor authentication
For users, the biggest concern about two-step verification is its complexity. Will implementing two-factor controls make it more difficult to access accounts? Will the process take longer? As noted by Wired, popular myths about 2FA include the idea that it can't be used on a single device and that users must possess at least two mobile devices to make it feasible [5]. In reality, implementing two-factor authentication for popular services isn't difficult at all.
Consider the Google Authenticator app: after one download and a quick setup, access to your Google account requires a code generated by the authenticator app on your phone. If you lose or somehow break your phone, Google lets you create a backup code that offers emergency access. Many web services now leverage the Google Authenticator: you simply scan a bar code or provide a key from the website to create an authenticator link.
What happens if you don't use 2FA? Account takeover attacks are becoming more popular as users choose to store personal information online, access financial services and make high-value purchases. If attackers can guess your password or compromise your account, you could face everything from identity theft to credit card fraud.
Companies are using two-step verification for good reason—it works. Passwords are no longer enough on their own, and even complex passwords won't stop determined hackers. Adopting a second "factor" for security reduces the chance of compromise with minimal impact on ease-of-use. The benefits of two-factor authentication far outweigh the minor inconvenience of app downloads and SMS codes.
1) Rayome, Alison DeNisco. "Ransomware reigns supreme in 2018, as phishing attacks continue to trick employees." Tech Republic, April 9, 2018. Accessed April 10, 2018. https://www.techrepublic.com/article/ransomware-reigns-supreme-in-2018-as-phishing-attacks-continue-to-trick-employees/
2) Burt, Chris. "Gemalto survey shows biometric and two-factor enterprise access control ramping up." Biometric Update, March 16, 2018. Accessed April 10, 2018. https://www.biometricupdate.com/201803/gemalto-survey-shows-biometric-and-two-factor-enterprise-access-control-ramping-up
3) Grossman, Lena. "The Worst 25 Passwords of 2017." Time, Dec 19, 2018. Accessed April 10, 2018. http://time.com/5071176/worst-passwords-2017/
4) Elliott, Matt. "Two-factor authentication: How and why to use it." CNet, March 28, 2017. Accessed April 10, 2018. https://www.cnet.com/how-to/how-and-why-to-use-two-factor-authentication/
5) Fenton, Jim. "5 Myths of Two-Factor Authentication." Wired, April 1, 2013. Accessed April 10, 2018. https://www.wired.com/insights/2013/04/five-myths-of-two-factor-authentication-and-the-reality/