Having a username and password has traditionally been the standard authentication strategy, but in light of the latest industry developments and vulnerabilities, should businesses apply two-factor authentication as the default login process?
A recent flood of hacking has thrown traditional data protection methods under scrutiny, particularly after health insurance company Anthem was targeted, exposing the private medical information of some of its 40 million US customers and employees. Information stolen included names, email addresses, birthdays, wage information and street addresses.
As criminals are becoming more sophisticated in their hacking methods one one-factor authentication is more vulnerable than ever.
What is two-factor authentication (2FA)?
Two-factor authentication requires users to have two types of credentials before being able to log onto an account. Two-factor authentication typically asks the user to confirm that it is, in fact, themselves trying to access the account.
Examples of this include:
- A pin number or password sent via text
- A phone call giving a code
- A fingerprint
Could you hack two-factor authentication?
To hack an account protected by two-factor authentication, the hackers must gain access to the physical feature that is being used to send the information (e.g. a mobile phone). CNET also states that the second way a hacker can gain access through 2FA is by gaining “access to the cookies or tokens placed on the device by the authentication mechanism. This can happen in several ways, including a phishing attack, malware, or credit card-reader skimming.”
Is 2FA perfect?
No, but it is certainly more secure than 1FA and makes the job of a hacker difficult. Should it be the norm? Yes. Any additional layer of protection for your data is a necessity in today’s environment, and protecting your cloud environment has never been easier, so there is no reason not to.
