Two-factor authentication (or, more generally, multi-factor authentication) is a method of validating the identity of a user, as part of an access control process, which requires more than one identifying factor. One of the most common and most popular examples of two-factor authentication (2FA) is the basic bank card and personal identification number (PIN) used to access cash machines.
There’s a reason that banks require that two-step process before allowing you to get at your money, and it’s the same reason that is driving the broader adoption of two-factor authentication around the world. Basically, the old-fashioned password method isn’t working by itself anymore. Business after business has been compromised through easily guessable, hackable or resettable passwords. Because there’s a limit on both the motivation and the memory capacity of the average user, it’s a problem that isn’t going away.
Multi-factor authentication is a solution that your company is probably going to adopt way sooner than you imagine.
How Two-Factor Authentication Is Coming To Dominate Security Systems
It wasn’t that long ago that two-factor authentication was something you only saw in spy movies. Then the wave hit the crypto-underground. Something you have plus something you know became the bare minimum for hackers. At the same time, businesses big enough to throw their weight around started implementing cryptographically solid two-factor systems. Phishing attacks, which made the vulnerability of password-only systems blatantly obvious, were coming into play.
Today, two-factor authentication is becoming mainstream, but it’s far from ubiquitous. The challenges in deploying secure two-factor systems are still too complicated for SMEs and SMBs, and there’s not yet much of a precedent to help their decision-makers. But things are set to change, and quickly.
New Options For Multi-Factor Authentication Are Bringing Down Costs and Expanding Choices
With the explosion of smartphone use, it suddenly became much more practical to offer two-factor systems based on apps or even SMS messaging. Equally important, prominent platforms like Google, Amazon, and iCloud have started implementing two-factor authentication both selectively and automatically in certain situations. Try to log in to your iCloud account from a web browser on a new computer and you’ll be prompted to receive a code on one of your already-authenticated devices to verify your identity. For Google, you can choose to turn on 2-Step verification for your account to log in to all services at any time. These are added safeguards for those worried about the security of their cloud-based accounts.
Such practices are getting users used to two-step authentication processes in the normal course of their daily lives. More importantly, they’re providing a backend infrastructure that third parties (including SMBs and SMEs) can also use.
In the US, Google is selling a 2FA hardware security token called the Titan for around £40. Implementing the FIDO (Fast IDentity Online) Universal 2nd Factor (U2F) protocol, it’s a cryptographically secure dongle that allows you to log in securely not only to Google accounts but also to any other online services that support FIDO. These online services include a growing array of banking, investment, gaming, computing, education, and social services, as well as many B2B sites that your company likely already uses.
Since SMBs and SMEs are already moving hard into cloud-based services, FIDO compatibility offers an easy way to upgrade into two-factor authentication company-wide. If Titan isn’t the right solution, there are also software-driven token generators that can run on any popular operating system. There are also some 500 other commercial FIDO solutions if you don’t like Google’s hardware entry.
How You’re Going to Implement Two-Factor Authentication in Your Business
Since phone-based systems are relatively easy to hack or require a cellular signal to work, and e-mail is subject to interception itself, hardware tokens are the right choice for the truly security conscious. But in the spirit of not being the most accessible network on the block to break into, even a basic implementation can be useful.
For companies that have already gone all-in on the cloud, a FIDO-based system is probably best and easiest. Since so many services are already adopting FIDO, you get a lot of protection for minimal upfront investment. If your business is using G Suite, for example, you can completely secure your e-mail, documents, and data for £40 per user.
Windows-based companies have a somewhat more difficult time of it, particularly those hosting most of their services internally or running legacy networks. But Yubico, one of the companies behind FIDO, offers a key that will work with Windows 10 in an Active Directory environment.
There are also open-source packages for Linux and other Unix-based systems that will implement the U2F protocol. Although implementing these requires the usual dive into configuration files and daemons, it’s well within the capabilities of anyone already accustomed to administering *nix systems.
These solutions can be implemented at both the server and the desktop level, an excellent solution for roaming laptops with sensitive data (although a network connection is required for the system to work).
But it’s a solution that doesn’t require 100 percent coverage, so 2FA is the perfect candidate to roll out against highly sensitive services or data sources on a case-by-case basis. That’s also a great way to get your user base in line with the new procedures without completely up-ending their workflow with a significant transition.
Your company probably will be implementing two-factor authentication shortly – or if not, you may well wish that you had. We can help you out. Four Business Solutions helps small and multi-national organisations enrich the way they work. From Supply Chain to Procurement and Contract Management, we have decades of experience helping companies forge ahead in the global market.