Updated: Feb 16
With cybersecurity threats becoming more widespread and sophisticated than before, the need for more stringent measures to ensure a more effective security online has been of utmost importance. As such, there have been various technologies introduced aimed at improving cybersecurity. Of these technologies, one of the more well-known and is being adopted at a increasing is the two-factor authentication (2FA).
Definition and importance
Two-factor authentication requires the user to validate their identity (called a “factor”) twice using different methods: first, the traditional username and password combination and second, using another method which we will detail in a bit. This allows for greater security in accessing one’s online account such that even if the username and password is breached, those trying to illegally access the account will still find it difficult to access thanks to the second factor in place.
This has proven to be invaluable especially during the COVID-19 pandemic which forced many businesses to set up remote work operations that left many remote workers more vulnerable to cybersecurity threats. Businesses that have set up their security to 2FA found their networks were less susceptible to cyber attacks that would have otherwise cost them millions.
Types of two-factor authentication
There are a number of different types of 2FA factors that an organization can use. Some of the common authentication types are the following:
1. SMS/text messages and/or emails
Every time a user enters the username and password, an authentication code is sent to the user’s mobile number and/or email address, depending on the user’s preference which was set beforehand. The SMS and/or email contains a code that the user must enter within a limited time upon receipt of the message in order to successfully access the account. However, this factor has a security risk as some sophisticated hackers may be able to hack a mobile device or computer to gain unauthorized access to an account. For this reason, organizations are encouraged to steer clear of SMS or email authentication unless employees are using secure, corporate-issued devices.
2. Authentication applications
Users trying to log in to an account are being directed to enter a code provided by an authentication app like Google Authenticator or the like. This code is time-sensitive and it automatically resets to generate another code once the previous code expires. As an alternative, a user can also set up their device to receive a push notification from the authenticator app telling them the verification code.
3. Biometric authentication
With mobile devices now offering front-facing cameras and, in some devices, fingerprint sensors, biometric authentication has become one of the most widely-used authentication methods. It also helps that using biometrics do not require having to enter or paste codes from elsewhere or do anything else either than to look at the front-facing camera or pressing on to the display to authenticate one’s identity. As a security measure it is highly effective as it is difficult to replicate one’s voice or fingerprint.
4. Hardware tokens
Hardware tokens are keychain-like fobs that produce a numerical code every 30 seconds. In a way, they act like physical authenticator wherein the user enters the code provided by the item when prompted in order to access the account. Hardware tokens are expensive but they are extremely secure and are difficult to hack.
5. Software tokens
Software tokens are like authenticator apps as well in which an organization software program, which generates a random login code for the account. These tokens only display the code for a limited amount of time, between 30 seconds and one minute.
How to set up 2FA
For organizations that are looking to set up two-factor authentication for their internal systems, it is important that this is set up properly to ensure maximum efficiency and protection. Here are the steps needed to be done to accomplish this:
1. Determine which accounts to protect through 2FA
For organizations investing in a SSO or IAM solution, it would make sense to secure all connected business accounts with multifactor authentication. If a full setup is not feasible for one reason or another, it is crucial to identify the accounts that need to be reinforced with added protection.
2. Ensure the current infrastructure and software are compatible with 2FA
It is important that the operating system and infrastructure are able to support 2FA and that all devices that will be accessing the network with the 2FA in place should run the same operating system or at least run on a compatible OS. It is also important that the devices are up-to-date at all times and that, if needed, should have the recommended software or app as may be required by the 2FA for it to function properly.
3. Decide which factor works best for your organization
In identifying the 2FA method to be used by the organization, it is important to take into account the current security setup to access the network as well as the preferences of the people within the organization. For instance, if users access the network through devices that don't support biometric solutions, it makes sense not to use biometric-based 2FA.
4. Implement a deployment strategy
Before rolling out the new 2FA solution, it is important to give the people in the organization advance notice. Clear instructions for setting up 2FA should be provided and IT support should be readily available if needed.