What is 2FA (and why does it matter)?

2FA – yet another IT industry acronym – is short for ‘two-factor authentication’. Increasingly common, this technology is an extremely important safeguard which can be deployed with minimal effort to better protect your systems and data. But what is 2FA?

Historically all you needed was a username and a password to access protected resources – single-factor authentication. But this means that a hostile third party only has to steal one password to impersonate a genuine user.

The solution is to add further logon factors to the verification process. Often this takes the form of a ‘one-time password’ (OTP) that is sent to another device or account registered to the user. The second factor can be provided in several ways, including:

  • SMS text message
  • Email
  • Smartphone app push notification
  • Hardware token
  • Biometric verification
  • Authenticator app


The user then enters the additional one-time password when challenged during login.

Security professionals often describe two-factor authentication as a combination of something the user knows (their password) and something they have (the one-time password).

For even greater protection, you can add further layers – multi-factor authentication (MFA). So, you could require a hardware token and an SMS OTP to accompany the usual username and password combination.

Why should your business care about 2FA?

The 2FA process takes slightly longer, but it is far more secure because hackers must steal an additional account or device to intercept the OTP. Hackers typically go after low-hanging fruit – systems that can be easily compromised – which rules out those protected by 2FA.

2FA is also an important defence against basic phishing attacks. If one of your users clicks a link to a phishing website, they will only be tricked into handing over one factor, their password. The hackers will still not be able to gain access to the final key – the one-time password. The same is true of leaked credential lists and credential stuffing attacks – neither will be effective because they lack the OTP.
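The check a login service performs for this, as an added example that is not from the original article: a password (PBKDF2) plus a time-based OTP of the kind an authenticator app generates (TOTP, RFC 6238). The account, salt and secret are constructed sample values, and the `login` function and its field names are hypothetical.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app shows at time `at`."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account; the secret is the RFC 6238 test key, base32-encoded.
SALT = b"constructed-salt"
USER = {
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": base64.b32encode(b"12345678901234567890").decode(),
    "last_step": -1,   # highest time step already accepted (replay guard)
}

def login(user: dict, password: str, otp: str, now: float) -> bool:
    """Grant access only if BOTH factors verify (hypothetical helper)."""
    # Factor 1: something the user knows.
    if not hmac.compare_digest(hash_password(password, SALT), user["pw_hash"]):
        return False
    # Factor 2: something the user has. Accept the current 30-second step and
    # the previous one (clock drift), but never a step that was already used.
    current = int(now) // 30
    for step in (current - 1, current):
        expected = totp(user["totp_secret"], step * 30)
        if step > user["last_step"] and hmac.compare_digest(
                expected.encode(), otp.encode()):
            user["last_step"] = step
            return True
    return False
```

A leaked or phished password on its own fails the second check, and the replay guard means a code that has already been accepted is refused even inside its 30-second window.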

How can you get started with 2FA?

Two-factor authentication is often built into popular applications and platforms, making it relatively easy to deploy. Systems that do not include it may require a third-party add-on.

To learn more about 2FA and how your business can get started with strengthening its logon processes, please give the WTL team a call.
