Consider Two-Factor Authentication as Part of an Overall Cybersecurity Posture

Two-Factor Authentication

Nowadays, passwords – no matter how formidable – may not be nearly enough to protect your information. With all the critical information we store online, Two-Factor Authentication adds an important security step to help your devices confirm that the person trying to log in is, well, you.

Find Safety in Something You Know, Something You Have, Something You Are

Passwords have become the keys to your kingdom, so you know it’s important to make them strong to prevent unauthorized access to your information. But even a strong password can be broken by a diligent cyberattacker, or the service itself might experience a breach. In either scenario, your password becomes next to useless – unless you have another layer of protection in place.

Two-Factor Authentication (2FA), a subset of Multi-Factor Authentication, requires an additional step to prove your identity. 2FA creates a more secure authentication scheme by combining two of the three primary authentication methods:

  • Something you know, typically a password.
  • Something you have, usually a code generated by a smartphone or security token.
  • Something you are, often a fingerprint or other biometric.

A common method is a code generated by a smartphone app. After you enter your password, you’ll be prompted for your 2FA code from the app, which refreshes regularly. Some services send codes via SMS rather than an app, which is less secure but still better than no 2FA at all.

Getting Started with 2FA

2FA is a no-brainer for security: it’s simple, quick, and free to set up on most services, including email, cloud services, and social media. Some services allow you, as the administrator, to enforce 2FA as a policy, requiring employees to set it up upon login. Some may consider the extra step in 2FA an inconvenience, so communicating the reasons for it is key. Before making 2FA a requirement, prepare tools and information for discussing it with employees. You may also consider establishing policies that support an overall cybersecurity strategy that includes 2FA.

The New Normal

2FA is a standard feature in most business applications, typically found in the account settings or privacy menus: simply toggle 2FA on and follow the prompts. TurnOn2FA is a great resource with instructions for finding and setting up 2FA on many common services.

When vetting new vendors, do your homework to confirm that they support 2FA. If not, it may indicate that they don’t share your security-first mindset, and you might want to consider other vendors. And don’t hesitate to share your feedback with companies that don’t support 2FA – it’s a feature request they should prioritize, and the more companies that participate, the better.