What is 2-Factor Authentication and Why Do I Need It?

If you’ve got a business network that employees can access for data, especially if you allow your employees to access it through their own devices (BYOD), network security should be one of your top priorities. One of the cheapest, easiest ways to encourage security among your employees is to promote 2-factor authentication (“2FA”).

What is two-factor identification?

In two-factor identification, in order to access a program, a user must provide proof of his or her identification using a combination of two different components. These components may be something that the user knows (e.g., a PIN, password, or keycode), something that the user possesses (e.g., a security badge, card, or key), or something that is inseparable from the user (e.g., a fingerprint, voice print, or retinal scan). For example, in order to access a vault, perhaps a user would be required to swipe an authorized key fob and enter a combination on a keypad.

Two-factor authentication can prevent unauthorized users who don’t have both of the components from improperly accessing your accounts, information, and data. For example, a thief cannot use your bank ATM card to steal money from your bank account unless he also possesses your PIN. However, if you don't have two-factor authentication implemented, a hacker who acquires just your username and password may be able to access your bank account, email, Unified Communications services systems, social media accounts, or programs you use to remotely access your company’s network. 

How do I implement 2FA to keep my data safe?

One simple form of 2FA is requiring that a user enter a code sent to them by email or text (to the address or number on file with their account) after they have correctly entered their username and password. Many common programs offer this or a similar kind of two-factor authentication as a free, included service which is inactive as a default setting but can be easily activated by each user. You can find numerous online resources and websites outlining whether your programs have the feature and, if so, detailing instructions on how to activate it. Cloud computing services like Google Cloud, Clio, and Amazon Web Services have it built-in, as do remote computer access services like LogMeIn, Amazon AWS WorkSpaces, and TeamViewer. It's free, easy, and takes only a few minutes to set up.

The biggest complaint about two-factor authentication is that it is time-consuming to enter both steps every time you log into an account. But many users don’t realize that a common setting of two-factor authentication allows a user to authorize specific devices as “safe” after the initial 2FA is complete. This means that they don’t have to enter both authentication steps on those devices each time, while requiring both 2FA steps on all other (non-authorized) devices. It only takes a few minutes to increase the security of your sensitive information without significant future inconvenience. 

Encouraging, incentivizing, or requiring your employees to implement two-factor authentication on the programs and devices they use to access your company’s sensitive information and data network is a simple, cost-efficient way to add one layer of security to your systems. If you’re not doing it already, now is the time to start.