There was a time when a moderately complex password was enough to provide security from most cyber attacks. Unfortunately, that’s no longer the case. Today there are numerous internal and external threats to your computer systems and accounts. Fortunately, two-factor authentication provides a solution that is both easy to implement and more secure than using a single complex password.
Here’s a typical example. A company’s IT department requires passwords to meet a certain set of criteria, like adding a number or symbol. Passwords that look like “Da&t5^12Xc” are far better than “princess.” But most of us cannot easily remember complex passwords. To make matters worse, by the time you memorize that complex password, it’s time to change it again, since most companies require (or should require) passwords to change every few weeks.
When passwords become complex or must be changed frequently, we usually write them down on paper. A password stashed on a sticky note in a drawer, or taped to the monitor, is essentially worthless when it comes to protecting the business from inside threats. Anything left in your office is vulnerable to a disgruntled employee, a less than scrupulous housekeeper, or a curious teenager at the office for bring-your-kid-to-work day. A stolen password puts you and your company at risk. Customer lists can be stolen or sensitive emails read by the wrong person, and the damage can go on for years without anyone noticing.
Two-factor authentication removes these burdens and reduces cyber risk by combining something you know, a secret password, with something in your possession, a physical device (often your cell phone) that produces a random code that constantly changes. When these two factors are combined, a very strong password is created.
Looking at our example above, we can see how two-factor authentication is both easier and more secure than using one complex password. The password “princess” is not very secure when used by itself. But, when it is combined with a random six-digit code to become “princess965642”, it is almost as secure as “Da&t5^12Xc.” Using the two-factor process is easier because you only need to remember the first factor (“princess”). It is more secure because the second factor, the random six-digit code, changes continuously. Plus, even if someone stole your code-generating device, the random code is worthless without knowing the first factor.
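The login check described above can be sketched in code. This is an added example, not part of the original article: it assumes the code-generating device uses the time-based one-time password scheme from RFC 6238 (the article does not name a scheme), and the names `totp`, `hash_password` and `Account` are hypothetical. The salt is constructed and the device secret is the RFC 6238 test key.

```python
import hashlib, hmac, struct

STEP = 30  # seconds that each six-digit code stays current

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, then truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """First factor is stored as a salted, slow hash, never in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password: str, salt: bytes, secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.secret = secret      # shared with the user's device at enrollment
        self.last_step = -1       # newest time step already accepted

    def login(self, password: str, code: str, now: int) -> bool:
        pw_ok = hmac.compare_digest(hash_password(password, self.salt),
                                    self.pw_hash)
        matched = None
        # Accept the current step and one step either side for clock drift.
        for step in (now // STEP + d for d in (-1, 0, 1)):
            if step >= 0 and hmac.compare_digest(
                    totp(self.secret, step * STEP), code):
                matched = step
        # Both factors must pass, and a code is never accepted twice.
        if not pw_ok or matched is None or matched <= self.last_step:
            return False
        self.last_step = matched
        return True

if __name__ == "__main__":
    device_secret = b"12345678901234567890"      # RFC 6238 test key
    acct = Account("princess", b"constructed-salt", device_secret)
    code = totp(device_secret, 59)               # what the device displays
    print(acct.login("princess", code, 59))      # both factors present
    print(acct.login("princess", code, 59))      # same code replayed
```

The code is not random on the server side: it is derived from the shared secret and the clock, which is why the device secret needs the same protection as the password hash.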
Email is a great place to get started with two-factor authentication. Why? Because email is such a commonly used communication and document exchange tool that sensitive customer, employee, and other confidential data will almost certainly be exposed if email accounts are not kept secure. The good news is that all major providers of cloud-based email (Google, Microsoft, Apple, Yahoo, etc.) offer two-factor authentication at no additional cost. If your company is not using an email system that supports two-factor authentication, then it is time to think about making a change. The same is true for your home email as well.
Rarely do we find a cybersecurity measure that makes life easier and more secure, but two-factor authentication scores high on both measures. In the workplace, strong password management goes a long way towards reducing the likelihood that someone is reading your emails or documents, making it much less likely that the company will suffer an expensive, embarrassing, and possibly detrimental security breach. If you want to know just how much your company has at risk for these types of adverse events, head over to the Threat Sketch Risk Assessment. We offer free and affordable cybersecurity risk assessments, tailored to your specific business, that help business owners and executives prioritize, budget, and manage cybersecurity expenses. If you are not quite ready to take the Risk Assessment but want to learn more about cybersecurity issues, check our Client Education. To learn more about Threat Sketch, visit our methodology page.
About the Author: Rob Arnold. Rob, founder and CEO of Threat Sketch, has worked in internet security for over 20 years, including launching his own consulting firm to provide executive IT and security consulting to small, medium and Fortune 100 companies.