Two-factor authentication (2FA) can help protect your business accounts and data from unauthorized access.
- Two-factor authentication (2FA) offers greater account and device security than password-only logins.
- There are several different types of multifactor authentication (MFA) your business can implement, including PINs, one-time authentication codes and facial or voice recognition.
- When setting up 2FA for your business, consider which accounts can be included, the system requirements you’ll need, and which authentication factors will work best for your business.
- This article is for business owners who want to create an extra layer of security for their company devices and accounts through 2FA or MFA.
For most businesses, vast amounts of sensitive financial and customer data are stored online in their digital and cloud-based accounts. The value of this data makes small businesses a prime target for data breaches and ransomware attacks. A 2020 SOPHOS report for various countries can be found here. South Africa showing over 20% of businesses hit.
Most users assume their passwords will keep their accounts safe. However, weaker passwords are extremely vulnerable and easy to hack. And if you’re someone who struggles to remember their passwords, you’re more likely to keep yourself out than a cybercriminal.
This is where two-factor authentication (2FA) comes in. This technology adds an extra layer of security at each login to keep your data and devices more secure than a password-only login. Plus, it’s easy for businesses to integrate and manage within their existing network with the right 2FA solution.
If you’re looking to boost your system’s security, here’s a rundown of how 2FA works, the different types of factors that exist and how it can be used as a solution to help protect your business.
What is two-factor authentication?
Single-factor authentication involves logging into an account or device using only your username and password. Two-factor authentication provides an extra layer of security to your online accounts and digital devices by requiring an additional login credential.
A “factor” refers to any way to validate your identity in order to successfully log into the account or device you’re trying to access. With 2FA, the account or device will ask you to enter a second factor to prove your identity, typically something that only you would have access to. Successfully entering this second factor after your password will grant you access to your account or device.
KEY NOTE: Two-factor authentication is an additional confirmation of a user’s identity beyond their password before they are granted account access.
How does two-factor authentication work?
With two-factor authentication, even if someone steals your password, the likelihood of them getting the second identifier is unlikely, as these factors tend to be something that can only be produced through one of your other devices or from yourself. This makes 2FA a more secure option than the traditional password login, and it allows users and organizations more flexibility.
Once a user enters their username and password, two-factor authentication asks for an additional piece of information. There are typically three categories of second factors a system may ask for: Something you know, such as a personal identification number (PIN) or an answer to a security question; something you have, such as a one-time authorization code sent to a third-party device or application; or something involving your physical self, such as facial, fingerprint, or voice recognition.
Securing an account or device with 2FA typically involves setting up that account or device with a 2FA system. Depending on the means of authentication, you may need to configure security questions, enter a mobile device number, register with a third-party application or input your biometric data (generally only on mobile platforms like iPhone’s FaceID or fingerprint) to successfully set up your multifactor authentication.
Key takeaway: With 2FA, the user’s account or device will ask for an additional identity factor such as a security question answer, an authentication code or biometric data. This makes it more secure than password-only logins, as the user will typically be the only one who can provide the second “factor.”
Why is two-factor authentication important?
With the COVID-19 pandemic causing more organizations to adopt hybrid or remote workforces in the future, two-factor authentication is an important way to keep in-office and remote workers equally secure.
Having a 2FA system in place is the best way to make sure your business and customer data is secure. Cyberattacks continue to become more sophisticated and targeted, and even a small-scale data breach can devastate a small business that lacks the resources to recover from an attack.
With 2FA, even if hackers have usernames and passwords, they cannot access a user’s information without the additional authentication factor. When every user in an organization is using the same 2FA solution, it makes it difficult for a hacker to access their network. This not only protects a business’s staff, but also the vendors, partners and customers that they work with.
KEY NOTE: As cyberattacks become more targeted and sophisticated, 2FA can help protect accounts from being hacked, even if a cybercriminal gains access to usernames and passwords.
Types of two-factor authentication
There are many different types of 2FA factors that an organization can use. These are typically determined by what device or app the user will have access to and what the organization itself can provide. Here are five types of common factors that are used with 2FA:
1. SMS/text messages
One of the most common and straightforward authentication factors is to have a login code sent to your cell phone or mobile device through SMS or text message. Once you enter your username and password, an authentication code is sent to the mobile device you registered with your account, and a prompt will ask you to enter it once you receive it.
A SMS message code does have some security risk, as sophisticated hackers may be able to hijack a mobile device to gain unauthorized access to an account. For this reason, organizations may wish to steer clear of SMS authentication unless employees are using secure, corporate-issued mobile devices.
2. Authentication applications
An authentication app works similarly to a text message code. Once you log in, instead of getting a code sent via SMS, it will generate a time-sensitive code through a certified authentication application, such as Google Authenticator. Many of these apps also provide backup codes in case a user has data connectivity problems and can’t access the app immediately.
When using this form of authentication, the user can set up their device to receive a push notification from the app telling them the verification code. This eliminates phishing and network penetration, but it can become unreliable if the user’s internet connection is spotty.
3. Biometric authentication
Biometric authentication requires the user to present a physical attribute of themselves to gain access to their account. The most common factors tend to be a person’s voice, face or fingerprint. While this is almost impossible for someone else to replicate, there are limitations to this method. If the device on which you’re accessing your account cannot properly verify your voice, face, fingerprint or other biometric data due to a device or calibration issue, you’ll be unable to access it.
4. Hardware tokens
Hardware tokens are keychain-like fobs that produce a numerical code every 30 seconds. After the user enters their login information, they look at the device and enter the code that is on the token. Because of the cost of these units, it may be cost-prohibitive for large organizations. However, it is extremely secure and impossible to hack unless someone steals the physical fob.
5. Software tokens
Software tokens are one of the most popular forms of 2FA for businesses. Like a hardware token, a user downloads an organization-approved software program, which generates a random login code for the account. These tokens only display the code for a limited amount of time, between 30 seconds and one minute.
KEY NOTE: Businesses have multiple options when it comes to 2FA protection, including SMS codes, authentication apps, biometric authentication and hardware or software tokens.
Two-factor authentication solutions to protect your business
Many commonly used business applications like Google Workspace, Dropbox, Salesforce, Slack, PayPal and social media sites already have options to set up two-factor authentication. If you’re using a username and password to log into them now, you can go into your settings and add two-factor verification to your login options. From there, you can edit which factors you’ll use as credentials and for which devices you’ll require 2FA.
To set up 2FA across all your business accounts (even those that don’t offer it natively), you may wish to consider a dedicated system that allows you to configure multifactor authentication through a single sign-on (SSO) or identity access management (IAM) portal. Some of the best single sign-on solutions for businesses include OneLogin, LastPass, Okta, Google Cloud and JumpCloud.
KEY NOTE: You can set up 2FA for your business accounts natively within each platform (if available) or through a single sign-on or identity access management portal.
Setting up 2FA for your business
Here’s how to set up 2FA for your business:
1. Determine which accounts to protect through 2FA.
The first step to setting up 2FA is determining which organizational accounts need to be protected. If you’re investing in a SSO or IAM solution, you can secure all connected business accounts with multifactor authentication. If not, it’s a good idea to implement two-factor authentication natively on any platform that allows you to do so. This may include applications like email, messaging services, inventory, financial software and cloud storage accounts.
2. Upgrade your operating system(s) if necessary.
When researching in a 2FA solution to use, make sure you have the operating systems and infrastructure to support it. All devices in systems that you’re using for factors need to be running on the same operating system for consistency.
Additionally, some 2FA solutions may require you to install an additional app or software. They typically require to be run on the latest operating system for your device or web browser, so ensure that all your devices are up to date.
3. Decide which factor works best for your organization.
Every user in your business should use the same universal factor when logging into the 2FA system. Using the same universal factor makes it easier for everyone in the organization, as well as your IT support when they need to determine a login issue.
In short, use an identity verification factor that makes sense for your business. For instance, if users are logging on with devices that don’t support biometric solutions, then don’t use facial, fingerprint or voice recognition as your second authentication factor.
4. Implement a deployment strategy.
Before you roll out your new 2FA solution, give your employees advance notice. Provide clear instructions for setting up 2FA, and offer IT support for those who need it. Be open to any questions and discussion about 2FA, and set time aside for your staff to implement it.
KEY NOTE: When setting up 2FA for your business, choose a solution that is convenient and straightforward for your employees and/or customers to use. You should also educate your users on why 2FA is important.