Two Factor Authentication - Is this Something to Consider?
I get a lot of questions about Two-Factor Authentication or Multi-Factor Authentication, and there is some confusion about what it is, how it works and the advantages it gives your business from a security perspective. According to SecurEnvoy, using Two-Factor authentication adds another layer of protection that supplements a traditional username and password model with a code that is individualized each time a user logs into your network. The traditional model of usernames and passwords, which is still by far the most common methodology in use today, has become increasingly less secure over time. This has happened for many reasons, but the primary driver is that we now have so many systems that require passwords that we can’t remember them all, so we as humans simplify our world and take the easy way out.
So how does a two-factor authentication system work? As with any technology, there are a lot of ways of implementing and using two-factor authentication. Some systems require you to have a physical key fob you carry on your key ring; the system will then send you a six-digit number when you request access, and you verify your identity by typing in the six-digit number that you received. Other systems work by sending the six-digit number to your cell phone via a text message, and then there are biometric systems, such as fingerprint systems, facial recognition or retina scanning. When selecting technology, you have to understand your users and your culture to choose which type of system your users are going to embrace.
There are lots of things to consider when choosing a two-factor or multi-factor authentication system. Some of them are:
- Token Management: the six-digit number that a two-factor system sends is called the token, and management of those tokens is an important aspect of any system. You should be able to do lifecycle management and manage smart devices, tablets, and other connected devices in a central location.
- Policy Management: this allows you to set up and manage your corporate policies on how you want the two-factor system to operate. Policy management allows you to design policies that fit your organization and enforce them consistently across your organization and user groups.
- Audit Logs: tracking user activity is a big part of any two-factor system. In your selection process, you should make sure that you can track users and times of access, and filter by keyword. Another option that helps you get the most out of your auditing is the ability to export to an Excel file so you can manipulate the data to look for trends.
- Device Management: as we all know, mobile devices are constantly changing, so it is important to ensure that whatever system you pick will work on Apple, Android, Chrome, Internet Explorer, and Firefox. In some cases, if you are in an open-source environment, you will need to make sure that it is compatible with your open-source system.
Some companies are hesitating to implement two-factor authentication because they are afraid it will make the system too complicated to use or be too much of a hassle for their end-users. Two-factor authentication does add a couple of steps to the login process, and you will have to wait for the token to arrive via text, or whatever method your provider uses to send your tokens. However, many companies have found that the two-factor process is much easier than using complex passwords and having to manage a password vault to store all your passwords. Again, it is a matter of understanding your business culture and picking a provider that will best fit your business.
Some good two-factor or multi-factor systems:
- LoginTC is one that many of our clients have chosen to use from a corporate perspective; it is easy to implement and maintain, and it is cloud-based, so it is very flexible.
- If you are an Amazon user, you can log into your account, go to Advanced Security Settings and turn on their built-in multi-factor system.
- Apple users can go into the iCloud Account Details, Security, and turn on Apple's two-factor authentication.
- Facebook, Snapchat, LinkedIn, Twitter, and Yahoo all have two-factor authentication processes that you can turn on to protect your data.
So does two-factor or multi-factor authentication make your system more secure? The reality is there still is no one-hundred percent secure model. What it does do is make your account less attractive to hackers than the account of someone who is not using two-factor authentication. It is a lot like home security; if you have a well-lit house, with a big dog and an alarm system, then you are going to be a less attractive target than someone who does not have all those things. Like other types of crime, these are sometimes crimes of opportunity, and you have to reduce that opportunity. Two-factor authentication along with strong password policies, monitoring, and user education will be your best course of action.
By Scott M. Lewis, President / CEO Winning Technologies, Inc.
About the Author: Scott Lewis is the President and CEO of Winning Technologies Group of Companies. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with large and small businesses to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium and small companies, and Winning Technologies' goal is to work with companies on the selection, implementation, management and support of technology resources.