Cyberattacks reach record highs every year in Australia, and a large part of it is attributed to subpar account security. According to recent data breach statistics, 79% of cyber incidents affecting Australian organisations were linked to compromised credentials. Even parliamentary officials were hacked due to poor password practices. These cases highlight the fact that companies need two-factor authentication more than ever.
Two-factor authentication, or 2FA, combines passwords with a secondary authentication factor to make the login process more secure. Authentication factors usually fall into three categories:
- Something you know – like a password, PIN, or the answer to a security question
- Something you have – including time-based codes generated by hardware tokens or one-time activation codes sent via a text message
- Something you are – such as fingerprints, facial profiles, voice IDs, and other forms of biometric data
A common example of 2FA in action is withdrawing money from an ATM. You must present a bank card (something you have) and enter a PIN (something you know) to access your account. Many online services like Microsoft, Google, and Facebook apply the same principles. The theory is that adding an extra step to the login process makes accounts far more difficult to hack.
Passwords aren’t foolproof
Passwords are a standard security measure, but they’re not infallible. When a password is the only safeguard, the security of an account rests entirely on the user’s ability to create a strong one. The problem is that several users, from non-IT staff to tech CEOs like Mark Zuckerberg, don’t have the best password habits. Putting convenience before security, users may set generic passwords that are easy to guess, like ‘123456’ or ‘password’.
They may also be tempted to use the same passwords across multiple accounts, which is far from ideal. If a password is breached, all accounts using the same password are also at risk.
However, even strong passwords can be compromised. Hackers may conduct brute force attacks, in which they use a software program to guess your password by trying every possible combination. Then, there’s a risk of cybercriminals using malware attacks designed to compromise your servers and steal login credentials.
With 2FA, there’s an extra layer of protection supplementing passwords. This means if your passwords are compromised, hackers still won’t be able to hijack your accounts unless they have access to the second authentication factor. In other words, the chances of data breaches caused by compromised credentials are close to nil.
Defense against scams
Another issue with relying solely on passwords is that you become an attractive target for scammers. Phishing scams, in which cybercriminals disguise themselves as trustworthy individuals, are designed to extract login credentials from victims. For instance, scammers may claim they’re tech support or bank tellers who want to verify your passwords.
There’s no safety net if you fall for these traps. As soon as cybercriminals get a hold of your login details, they’ll have unfettered access to your most sensitive data. Everything from contact details to financial records will be leaked, enabling perpetrators to commit further fraud.
Enabling 2FA makes your accounts safer because passwords are no longer a single point of failure. To hack into an account, cybercriminals will also need to steal biometric data or one-time passcodes, which is no easy feat. In fact, it’s so difficult that hackers will likely turn away and find a much more vulnerable target instead.
Logging in to all your accounts using 2FA may sound tiresome, but it’s safer to have it enabled. Thanks to 2FA tools like Duo, you can use advanced login options like single sign-on (SSO). SSO unifies all the apps and accounts you need for work under one set of login credentials. This way, you only have to provide your password and second authentication factor once to log in, instead of logging in to each app separately.
Many regulations, whether state or federal, ask Australian organisations to implement 2FA. The Privacy Act of 1988, for example, requires companies to take reasonable steps to authenticate users into systems and networks. Implementing 2FA is key to this process because it prevents unauthorised access to critical systems and information.
Conversely, companies that are breached due to the absence of 2FA may face huge fines and customer backlash. More specifically, breached companies are liable for fines of up to $1.8 million. They’re also required to promptly report the breach to authorities and affected parties.
At the end of the day, the more applications and accounts you use, the more you’ll need 2FA in your security framework. It’s simply a must-have tool for any company that wants to mitigate data breach risks.
If you’re looking for high-quality security tools, Empower IT offers Duo two-factor authentication solutions. Call us today for a free demo and get the protection you deserve.