Does My Company Need Two-Factor Authentication?

Password security can be challenging for companies on two fronts. One is getting users to follow strong password policies and the other is securing logins that may have been stolen or compromised due to a data breach.

Login credentials are the one thing standing between a hacker and your data and system resources, which is why credential theft is so popular.

29% of users will enter their credentials into a fake form that they reached through a phishing link.

If your network security depends on the weakest user password on your team, you are left open to the risk of a ransomware infection or a costly data breach.

Cybersecurity incidents are costly. They result in lost productivity, extended downtime, and loss of customer trust, and they can hurt businesses for months and years after the incident occurs.

According to IBM’s report on data breach costs, organizations see losses for three or more years after an incident.

  • 67% of data breach costs occur the year of the incident
  • 22% of costs occur in the 2nd year
  • 11% of costs occur after two years

Just one security incident can put a small business in the Broomfield area, or anywhere else, out of business for good. That makes it vital to control credential security, and the best way to do that is through the use of two-factor authentication (2FA).

Why Is 2FA So Important?

Two-factor authentication, also referred to as multi-factor authentication, is a security measure for user authentication that puts an additional requirement in place before granting access to a website account or application.

There are typically three main types of login authentication factor. These are:

  • What you know: Your username/password, a challenge question
  • What you have: A physical device that a confirmation code is sent to by prompt, SMS or voice call
  • What you are: Biometrics, like fingerprint or retinal scanning

Without 2FA in use, most logins will use just one factor, the “what you know” factor. This means that with their username and password, a user is granted access.

Hackers easily exploit this in two ways: with help from users who fall for phishing attacks or use lax password practices, and by purchasing compromised credentials on the Dark Web.

In 2019, it was found that 620 million accounts stolen from hacked websites (like MyFitnessPal and MyHeritage) were up for sale on the Dark Web. Users often use the same login credentials in multiple accounts, so if one is compromised, others are too.

With two-factor authentication, a second authentication method is put into place. It’s like putting a second door in a bank vault. The first bank vault door might have a combination that can be cracked by a criminal, but when they get to the second door, they find it can only be opened with a key held by a specific person.

That second “door” in 2FA is typically the “what you have” authentication factor. It entails sending a time-limited code to a user device that has been set up previously in the system. Without access to that device (which can be a smartphone or other physical device), a hacker cannot get into an account with only the user’s login credentials.

This simple step significantly increases data and account security.
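The second-factor step described above, as an added example that is not part of the original article: after the password check, a server issues a time-limited, single-use code for a previously enrolled device and then verifies what the user submits. The `SecondFactor` class, the five-minute validity window and the five-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window, not a figure from the article
MAX_ATTEMPTS = 5        # assumed limit on guesses per issued code


class SecondFactor:
    """In-memory second-factor check (hypothetical class for illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._devices = {}  # username -> device enrolled in advance
        self._pending = {}  # username -> [code digest, expiry, attempts left]

    def enroll(self, username, device):
        self._devices[username] = device

    def issue(self, username):
        """Run only after the password check passes; returns (device, code)
        so the caller can deliver the code to the enrolled device."""
        device = self._devices.get(username)
        if device is None:
            raise LookupError("no enrolled device for this user")
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, six digits
        digest = hashlib.sha256(code.encode()).digest()
        expiry = self._clock() + CODE_TTL_SECONDS
        self._pending[username] = [digest, expiry, MAX_ATTEMPTS]
        return device, code

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expiry, attempts_left = entry
        if self._clock() > expiry or attempts_left <= 0:
            del self._pending[username]  # expired or guessed too often
            return False
        entry[2] -= 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):  # constant-time compare
            del self._pending[username]  # single use: no replay
            return True
        return False
```

A stolen password alone never reaches `verify` with a valid code, because the code is only delivered to the enrolled device, and an old code cannot be replayed once it has been used or has expired.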

How Much Does 2FA Help in Reducing Fraudulent Logins?

Both Microsoft and Google have participated in studies on the impact of two-factor authentication and account security. Both found that it’s an invaluable tool for locking down your accounts and ensuring cybercriminals can’t access them.

Here are the results from the two studies.

Microsoft has reported that 81% of breaches are caused by credential theft. What they found was that 99.9% of account attacks can be blocked by using two-factor authentication.

Google compared various types of attacks against different methods of two-factor authentication.

2FA notification methods they looked at were:

  • On-device prompt
  • Code via SMS 
  • Code via security key (Uses a physical security key or security key built into an Android 7.0+ phone or your iPhone with iOS 10.0+)

The attack types they looked at were:

  • Automated bot attacks
  • Bulk phishing attacks
  • Targeted attacks

Their study found that between 76% and 100% of unauthorized account logins were stopped by two-factor authentication.

When using an on-device prompt, 2FA stopped:

  • 100% of automated bot attacks
  • 99% of bulk phishing attacks
  • 90% of targeted attacks

When receiving a code by SMS, 2FA stopped:

  • 100% of automated bot attacks
  • 96% of bulk phishing attacks
  • 76% of targeted attacks

When using a security key, 2FA stopped:

  • 100% of automated bot attacks
  • 100% of bulk phishing attacks
  • 100% of targeted attacks

As you can see, the few extra seconds it takes to enter a 2FA code are more than worth it when doing so can stop nearly all data breaches due to compromised passwords.

Are Your User Logins Secure, No Matter Where They Are?

Network security gets more complicated when you have remote and mobile workers. How secure are your user logins? B-Comp Services provides full network security, including using VPNs and other tools.

Contact us for a free consultation today at 303-282-4934 or through our contact form.