Two-Factor Authentication Is Here to Stay. Here’s Why You Should Be Rejoicing
Not too long ago, I wrote a blog post about the hidden costs that outdated technology is forcing your business to deal with. In it, I talked not only about the impact that legacy resources have on your employees, but I attempted to shatter some myths about why most businesses are reluctant to upgrade their technology in the first place.
Shortly after that blog went live, I got an email from a reader that I’d like to spend a little time discussing. He was happy with what I’d written and agreed… but felt there was one particular angle I’d essentially overlooked.
“What about the costs of outdated methods of PROTECTING that technology?”, he asked. He was talking, of course, about things like passwords and two-factor authentication. “Some of the new authentication techniques – like facial and thumb recognition – are getting so good that it’s clear passwords will completely go away sooner rather than later. Why should we keep pretending that even two-factor authentication is enough to protect us when the not-too-distant future clearly says otherwise?”
It’s a solid point… but it’s also not one I happen to agree with, despite the fact that a lot of people do. Because in my opinion, two-factor authentication isn’t going anywhere anytime soon. But that’s not a cause for panic.
It’s a cause for celebration.
The True Power of Two-Factor Authentication
Yes, it’s absolutely true that passwords are a woefully inadequate form of protection in the modern era. Not only can 90% of them be cracked in less than six hours, but about 66% of people use the same password *everywhere* in the first place. Not only that, but hackers have the power to literally test billions of passwords every second – meaning that if you rely on passwords alone, you’re really not anywhere near as protected as you thought you were.
But the reason why two-factor authentication was, is and will continue to be so important is because it adds those additional layers that go above and beyond simple password protection.
By requiring “something you know” (meaning a password) with “something you have” (meaning something like a smartphone or tablet), you’re making it that much more difficult for an intrusion attempt to be successful. Even if someone does have that password, they probably don’t have physical access to the device in question. But YOU’LL get a notification that someone was trying to log into your account, thus putting you in an excellent position to do something about it.
Plus, biometric authentication isn’t going to REPLACE two-factor authentication. It’s going to support and empower it. Instead of typing in a code that is automatically sent to your smartphone, you’ll soon have to use your fingerprint (or an eye scan, or a “voice print”) on the device to complete the authentication process. That makes things that much more effective because even if a hacker DID somehow manage to gain physical access to your phone, the chances are very, very slim they’d also have access to your fingerprint or voice at the same time.
An equally compelling part of this argument has to do with a woman named Patricia Reilly who, until recently, was employed for the UK Peebles Media Group. One day, criminals sent Ms. Reilly an email pretending to be her boss and, long story short, she ended up sending them about $250,000 of her business’ hard-earned money. She’s now being sued for that error, by the way.
How, exactly, would facial or thumbprint recognition ALONE have prevented that from happening?
Had two-factor authentication been enabled on that account, on the other hand, someone who wasn’t Patricia Reilly likely would have gotten a notification the minute she signed in. They could have at the very least reached out to her and asked “hey Patty… why are you wiring $250K without prior approval?” and at that point, the entire affair probably would have come to a stop.
So while it’s absolutely fair to say that authentication techniques are becoming more sophisticated all the time and passwords are absolutely going to go away.. that day hasn’t arrived quite yet. Until it comes, two-factor authentication is still one of the best chances we all have to fend off the types of cyber attackers who are laying in wait around the world.
Never respond to an email from someone who tells you differently, as they may soon ask you to send them $250,000.
Two-Factor Authentication: Because the Future Isn’t Here Quite Yet
Cyber security is nothing if not complicated – and the methods we use to protect ourselves are equally so. If you’d like to find out more information about why two-factor authentication is still just as valuable as it ever was, or if you’re looking for more opportunities to protect your business from attackers, great – we might be able to help.
Ready to Convert Your Employees from Liability to Asset?
Contact QuestingHound today for your introductory "getting to know you" phone call. It'll help us confirm that we think about cyber security in the same way, thus putting us in the best position to come up with the defense that you need when you need it the most.
John Boden is a Managing Partner at QuestingHound, Inc., a Deerfield Beach IT support company that has been helping small businesses in South Florida stop focusing on IT and getting back to doing business the past 18 years. He promotes a culture that is dedicated to the highest standard of ethics, hard work, and outstanding customer service. Connect with John on LinkedIn.