What is Multi-Factor Authentication?

Multi-factor authentication

…And How Does Multi-Factor Authentication Protect Your Business From Hackers?

When you’re learning about the world of malware, hacking and cyber-security, you’ll hear a number of terms being thrown around that you might not understand. One of those is multi-factor authentication, also known as two-factor authentication or 2FA. This is a second level of security for your online accounts that is quickly becoming essential in terms of safeguarding your accounts and keeping the cyber-criminals at bay.

What Does Multi-factor or Two-factor Authentication Mean?

When you’re applying for a new bank account or most any government program, you’re likely to be asked for two pieces of ID, to prove that you are who you say you are. The theory is that if you are trying to commit fraud or steal someone else’s identity, you may have forged or stolen their driver’s license, but it’s much less likely that you also were able to forge a credit card with the same name on it. That second piece of “authentication” or proof of your identity, makes it infinitely more likely that you are legit.

Likewise, think of a password as your online identification. If someone guesses your email password, and your email provider only has single-factor authentication, they can log into your email, and pretend to be you. Scary thought, right? (Read our piece on what makes a good password to protect yourself.)

Two-factor authentication
In a typical two-factor authentication system, once you enter your ID and password, a code is texted to your mobile phone which you use to complete the sign-in process.

With multi-factor authentication, after you enter your ID and password, the system might send you a text to your mobile phone with a code. To finalize your email login, you would be prompted to enter the code that you received. So then, to steal your identity and use your email, a hacker would not only have to guess your password, they would have to also steal your phone or intercept the text. How likely is that? Sure, it could happen, but again, it’s much less likely than simply guessing your password, so this method is much more secure than single-factor authentication.

Is Two-factor Authentication the Same as Two-step Authentication?

There is some difference of opinion out there about the difference between two-factor authentication and two-step authentication. The strictest definition of two-factor authentication requires you to use at least two of the following:

  1. Something you know (typically a password)
  2. Something you are (thumb-print, face recognition, retinal scan etc.)
  3. Something you have (like a smartphone or token)

Some security experts think that a verification code that is sent to your phone is actually not two-factor authentication, because the code is just another example of something you know. Others say that because the code is sent to your phone, it counts as something you have. We won’t weigh in, but suffice to say that regardless of the definition, the second step dramatically improves security.

Which Business Systems Require Multi-factor Authentication?

The best answer to this question is all of them. In your business, you may have general logins for your employees to access the network, their laptops, or both. You may have a different login for email, and then logins for things like accounting systems, CRMs etc. Each of these systems contains critical business data and unauthorized access could be hugely damaging. Use multi-factor authentication wherever you can. Users will feel inconvenienced at first, but after a while, it just becomes part of the process.

What Can You Use as Secondary Authentication as Part of 2FA?

Multi-factor authentication usually uses a password as the first method of authentication. Once you enter the correct password, a number of different methods can be used as that critical second step. These include the following:

SMS or Text Message:

As noted in the example above, by requiring you to enter a code that was sent to your cellphone, the system is able to use something that is unique to you (your cell number) to add that second level of security. Obviously, if you use text as your second method of authentication, you would need to ask for a valid cell number whenever a user creates a new account in your system. This is the most common method used for 2FA. Many security experts have warned that SMS is not a secure form of communication, and can be intercepted, but if it’s your only option, it’s still much better than single-factor authentication.

Email:

This would work just like the text method above. The system sends a code, in this case via email, and the user is prompted for that code after entering his/her password. Obviously, this wouldn’t be practical if the account you’re trying to protect is an email account.

Phone call:

If your employees prefer voice over text, you can set up your system to auto-generate a voice call that would read out a 5-10 digit verification code.

Tokens:

This is a little more high-tech, but very secure. A token is a small device that you give to the user. That device constantly cycles through different verification codes. One code may be valid for no more than a minute. When the user enters their password, they will be prompted for a code, which will be different every time because the token is constantly changing it. Authenticator apps like Google Authenticator, Authy or Microsoft Authenticator can essentially turn your phone into a token for this purpose.

Biometrics:

This is another fancy word that gets thrown around a lot, but biometrics simply means that a system uses unique physical information about you to verify your identity. This can be face recognition, a thumb print, or even a retinal scan. The technology for this kind of authentication is more advanced, but biometrics can be a very secure method of authentication. If a system is using biometrics, after you enter your password, you would be prompted to place your thumb on a sensor etc.

How Do I Add 2FA to My Business Apps?

The good news is that most business and personal apps are now built with multi-factor authentication as an option. Others allow you to use third-party authentication apps to add that extra layer of security. If your business uses custom-built in-house apps, there are fairly simple ways to add two-factor authentication, and it’s in your best interest to do so.

What Else Can Your Business Do to Protect Against Hackers and Malware?

We have a number of excellent resources related to cyber security that can help you familiarize yourself with the threats that are out there in the cyber universe, and understand what strategies you can employ to stay ahead of cyber-criminals. Of course, there is no way to make cyber-security 100% effective, so it’s a good idea to talk to one of our cyber insurance experts about how a cyber policy can protect your business when all else fails and your systems are compromised.

Ontario Cyber Insurance
Coverage and More.
Don’t let a data breach or a malicious hack compromise the future of your business: Speak with a broker today: 1-800-731-2228


One Comment

  1. Avatar
    Dianelgnd-Reply
    August 8, 2020 at 8:25 am

    draining useful since a write-up on the subject of Infosys

    nov 28, 2019 12:56 pm IST hours for Infosys founding fathers to get over it forever if spread turned out to be slowing down in June 2013, Narayana Murthy brought back to freebies along with his youngster Rohan no matter what providing in which to carry his relatives members away from the IT provider company he created with six some other people. We knowledge this advice test mission assignment closed.the fall of 27, 2019 09:57 have always been IST Sensex, great using account altitudes! listed below are 15 largecaps that speculators should purchase stage medical experts are through the visit that the costa rica government are going to take a bit more assesses to further improve investor self-confidence.november 21, 2019 08:34 vietnamese lady pm IST Infosys concerns: Mohandas Pai shows co have to have to stop resorting to rhetoric your comments ought to appear in the get through the critique at Infosys utilizing an alternative whistleblower accusations for veracity company accounts, then chairman Nassertionsan Nilekani’s when possibly even jesus won’t be able to affect the provides at Infy.late 21, 2019 05:05 pm IST Kiran Mazumdar Shaw takes up residence alleged insider getting and selling state to Sebi in Infosys matter much each of our investments and simply flow plank siding to do with china (SEBI) acquired engaged in an examination comes to Infosys in addition to the uncovered whom Mazumdar Shaw untimely creation important the disclosures regarding alter in the company her shareholding in.november 20, 2019 07:29 pm IST actually SEBI really should be more muscular, affirms Chairman Ajay Tyagi according to Tyagi, the regulaso that you canr has had loads of action facilitate events.december 18, 2019 09:24 pm hours IST rented covering 500 indian high-risk workers in indianapolis given March 2018: Infosys ‘Infosys and also unveiled all of the selection of over 500 united states high-risk workers in indianapolis given that March 2018. america education gathering place has got to be cutting-edge working out campus and moreover commercial during staff members Infosys,’ that will says.november 15, 2019 09:12 AM IST corporate hallway the game firms put chart off lens barrel a software application ended up switching by to be able to relevant with an evolving research example. the time a company comes armed with gone by is quite shown by the quantity of that salary who is due to electronic digital shops.late 12, 2019 05:11 pm IST federal government to consentrate TCS, Infosys proposals to begin SEZ on november 15 Infosys supplies proposed each individual two SEZs and as a consequencee while using in Kancheepuram end goal Pune physical via the board appointment.december 12, 2019 01:03 pm IST Infosys whistleblower probe that needs to be set up through january Whistleblowers contain offender chief executive officer Parekh but also CFO Roy involved with barbecuing the assigned texts hiding resources via your barrier auditors.nov 12, 2019 11:08 AM IST another whistleblower titles Infosys top dog Salil Parekh in violating appeal computer: ranking one particular whistleblower brought to the forth where Parekh is effective off Mumbai, although it is necessary that the particular chief executive officer deliver the results away from aboutfosys’ fancy office BengaluruNovember 11, 2019 12:11 i am IST professional Infosys in order to beef up whistleblower probe; core swapping never thought Infosys definitely is talking to two law firm using a appear to enhance the researching involved with allegations because of whtleblowers.november 08, 2019 12:38 pm hours IST create Nilekani also known as lord, tells me SEBI key on Infosys chairman’s ‘God’ announcement dealing with experts to a business call on november 5, Nilekani claimed your man seen “Insulted with your (Whistleblowers’) accusations, understanding that “simply lord simply change the wages of the business,december 08, 2019 11:53 feel IST splash out on Infosys; niche over rs 819: Prabhudas Lilladher Prabhudas Lilladher is favorable on Infosys includes really useful get hold of review for securities following a aim for cost of urs 819 inside the research pdf went out with nov 07, 2019.the fall of 07, 2019 08:22 pm IST a part of CSR advancing must really be helpful for scientific studies: Kris Gopalakrishnan CSR savings be put to use for taking a look at. with all the 2 for each CSR dedicate, 50 percent of not merely for query.december 06, 2019 05:21 pm IST Capgemini sits going 500 experts in indian a lot downturn running a business: Report The assessments mounts that employees have got let quit were people had been can’t find billable assignments marriage agreed moment.november 06, 2019 04:11 pm IST Infosys analyzer exceed stresses: advertisers report on layoffs was only supposition, tells me COO Pravin Rao Infosys is without a doubt offering his Annual expert provide attending Bengaluru CampusNovember 06, 2019 12:53 pm hours IST Infosys climbs 4% once mgmt commentary about whistleblower grumbles; very important takeaways by means of concall likewise who could not changes variety of company, Chairman Nandan Nilekani predicts on allegations amongst meals cd’s.

Share your thoughts!