Why You Should Use Two-Factor Authentication (2FA) Now


Decades ago, hackers learned how to crack passwords, especially the ones that are overly simple or obvious. Did you know the most popular passwords are the most insecure? password1, 123456 and even default are still all too commonly used.

Weak passwords are a cinch to hack. But other approaches to hacking are nearly as easy. With social engineering, a hacker can masquerade as an IT admin and simply ask for your password over the phone or through email. This works far too often.

Then there are brute force attacks where a hacker tool simply makes password attempts automatically one after another until one works.

In fact, password hacking is so sophisticated that it took only ten days for a hacker group to crack 11 million passwords from the notorious Ashley Madison web site.

Some IT departments force users to have complex passwords and change them regularly. That certainly helps, but it is not a perfect solution and is still vulnerable to social engineering and other hacker attacks that can nab passwords.

No matter how complex you make a single password, so-called single authentication will always be crackable. However, adding another level of authentication (two-factor authentication, or 2FA), or more levels (multi-factor authentication, or MFA), can make passwords truly hacker-proof.

With two-factor authentication, you need to prove your identity through two steps; usually these steps are a password and something that only you can access. This could be something you know, such as your mother’s maiden name, or something you have, such as a fingerprint or retina. When commercial web sites do 2FA, they sometimes send a code by email or text message to your phone that you then enter online to log in.

Why Safeguarding Your Email Password is So Crucial

Many security experts believe that email is the one app most often compromised. This can happen through the methods we’ve discussed previously, as well as through phishing attacks or malicious password-stealing malware attachments.

Email passwords are sought after because they can really be the keys to the kingdom. With just your email password, a hacker can likely get into your other accounts since most end users reuse passwords.

And, today, email links directly to social media, so a hacker can pretend to be you or gain enough personal information about you for identity theft.

The other issue is that your email is often used by services to reset a lost password. A hacker can access your other accounts, even without knowing those accounts’ passwords, by having the password-reset link sent to your email, which they can already access.

The Limits of Low-End 2FA Tools

One way you can tell 2FA is so important is that more web sites, especially those for financial institutions, use it.

With 2FA, you first enter your username and password, but before you get to access your account you need to answer a personal question, input a number texted to your phone or emailed, click an image you have chosen from many, or use other authentication means.

One of the great things about 2FA and MFA is how user-friendly it is. How hard is it to remember your mother’s maiden name?

Low-level approaches to 2FA, however, can still be hacked. Using the example above, a cyber criminal can gain access to your private information and find your mother’s maiden name.

The text message sent to your phone can also be compromised. For instance, a hacker could call the phone company, act as if they are you, and have calls forwarded to them. Now they have those text messages that provide that second level of authentication.

The biggest vulnerability of low-level 2FA comes about because users often forget passwords, especially complex ones, while web sites want to give access back as fast as possible.

2FA provided by web sites should be far stronger. As users, though, we need to protect ourselves more vigorously. Don’t choose “things you know” that can be easily found, such as your mother’s maiden name. And be wary of social engineering. That means never giving out your password or second level of authentication.

2FA/MFA Buyer’s Guide

When implemented correctly and using a quality solution, 2FA/MFA will not only keep your digital infrastructure safe, it will do so without inconveniencing your employees. In fact, in most organizations, it doesn’t take long after implementation for staff to fall right back into their old routines. Which is fine, of course, because those old routines are now much safer.

You may want to use 2FA/MFA in conjunction with Single Sign On (SSO) to make it easier for employees to sign into your company’s system. SSO allows a user to have direct access to all of the platforms they use, but they only need one credential to access them. It’s like having a single, very secure key to access 100 different doors with 100 individual locks.

SSO is definitely something you’ll want to look for when considering your options for a 2FA/MFA vendor. However, remember that just offering SSO isn’t good enough – you need to do a deep dive to understand any 2FA/MFA vendor you are evaluating.

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.