In other words, creating strong passwords matters more than ever. However, relying on strong passwords alone is not enough. Here are some worrying facts about this traditional security measure:
- 90% of passwords can be cracked in less than six hours
- Two-thirds of people use the same password everywhere.
- 57% of people who have already been scammed in phishing attacks still haven’t changed their passwords.
(Source: The Business Journals)
Your OTP options include:
- SMS (Text Messages): SMS is the most popular method of 2FA. After a successful login, the user receives a 5-10 digit code via SMS on their phone, which they then enter into the application for access.
  - Pros: Employees are comfortable receiving text messages and it is cost-effective to implement.
  - Cons: Relies on cell reception and a physical phone. If the phone is stolen, you can't authenticate.
- Email: An OTP can be sent to a secondary email account for verification. This technique works in the same way as SMS: a 5-10 digit code is sent to the email address.
  - Pros: Employees can get emails on multiple devices, it's cost-effective and everyone uses email.
  - Cons: Emails sometimes fail to deliver, and hackers who gain access to your email account can read the code.
- Voice Call: Although not a common practice, users can choose to receive a call to a designated phone number with the OTP read out by a text-to-speech service.
  - Pros: All employees are comfortable with phone calls, and voice doesn't require a data connection.
  - Cons: Calls can be intercepted or forwarded, and voicemail can be hacked. If the phone is stolen, you can't authenticate.
- Hardware Tokens: This is a common enterprise practice, where employees are given a physical device such as a key fob, or another device that dynamically generates a code for the user.
  - Pros: It is a standalone solution that doesn't require cell reception or a WiFi connection.
  - Cons: The devices are expensive, hard to manage and easily misplaced or lost.
- Software Tokens: Instead of carrying around a device, software tokens require employees to install an application that runs on their computer or mobile device.
  - Pros: Apps are easy to use, easy to update and easy to patch when needed.
  - Cons: Employees must install the app on their personal device. Apps can be compromised without the user's knowledge.
- Push Notification: Apps like Auth0 Guardian enable you to receive a push notification in the same way you get alerts from your calendar app or news feed. The notification requests a response of either "Yes" or "No."
  - Pros: There is a direct and secure communication channel between the authentication service and the smartphone application.
  - Cons: If a device is stolen, users must go online to revoke the device before it is compromised.
Although there are pros and cons to every 2FA option, keep in mind that it is impossible to get your enterprise authentication 100% secure. Implementing 2FA increases your security no matter what, so select a second factor that works best for your employees.
How can 2FA help you?
2FA (also known as 2-Step verification) is an additional layer of security used to ensure only authenticated users gain access to an online account. Initially, a user will enter their username and a password as usual. Then, rather than gaining access straight away, they will be required to provide additional information.
This second factor could come from one of the following categories:
- Something you own: a code from an authenticator app on your phone, or a code sent by SMS to your phone.
- Something you are: a biometric indicator, like your fingerprint (Touch ID) or facial recognition (Face ID).