WatchPoint Security Blog

Two-Factor Authentication and Why It's Essential for Your Business

Written by Jordan Kadlec | October 31, 2018

Photo courtesy of Shahmeer Amir 

Simply having a strong password to keep your data safe is a thing of the past. As cybercriminals become more sophisticated, so must we. With two-factor authentication, a hacker cannot access your accounts with only a compromised password.

What is Two-Factor Authentication?

Two-factor authentication, also referred to as 2FA, is one of the most effective and simple ways to prevent unauthorized logins to an account. 2FA is a form of login that requires both a password and a secondary verification on another device. Once you enter your login credentials (username and password) into an account, you will be prompted to enter a numeric code or even provide a fingerprint for further validation. Once this has been verified, you will be granted access to your account.

The idea behind 2FA is that a password isn’t enough to keep your confidential information safe. With so many data breaches having affected virtually every U.S. citizen, login credentials are circulating on the dark web every second of the day. With 2FA, even if your login credentials are compromised, a hacker would need access to your secondary device to receive the additional access code.

How to Enable Two-Factor Authentication

Every day, more and more websites that require a user to log in to access their information are either requiring or offering 2FA. Odds are, you have already taken part in a 2FA login. If you have ever received a text message with a passcode to enter before logging into an account, you have participated in 2FA. If you have a Google, Facebook, Twitter, or Amazon account, you probably have also been prompted to enable 2FA.

With 2FA being so simple and effective, now is the time to enable it. Yes, it’s going to be an extra step every time you log in to each respective account; however, it could be what prevents you from incurring a breach. Let’s say a hacker gains access to the Gmail account that you use as the email address for all your accounts. It’s pretty easy to search and find emails from your credit card company. The hacker finds your username in one email and can now go to that website and request a password reset. Since the hacker has access to your email account, the reset link will be sent there, and he/she will be able to reset your password to whatever he/she wishes.

If you have 2FA set up on that account, regardless of what the password is reset to, the hacker will not be able to log in to the account because they don’t have the secondary code.

Ready to set up 2FA? On most websites that offer the service, you can enable 2FA under settings. If there is a separate security section, look there. When you enable the option, you will be able to choose how you want to use 2FA; for instance, you can opt to receive a text message containing a one-time code.

Alternatively, there are several extremely reliable authentication applications such as Authy or Google Authenticator. The application is linked to the website you have enabled 2FA on and provides a code that is timed to expire every 10 seconds or so.

The most secure option is to use a physical key. When using this option, no one will be able to access your account without having your specific dongle connected. Currently, USB keys are mostly used for high-risk targets or high-risk accounts. However, they can be purchased by anyone and provide the very best protection. While most of the authentication applications are free, the best USB keys range from $40 to $60 per key. Below are the most popular USB keys available:

  • YubiKey 4C Nano USB-C Authentication Key ($60) – This is the smallest key available that is designed to live in your computer. It’s the size of a newer wireless mouse USB device with minimal intrusion outside of the port. Aside from being small enough to fit inside a wallet, it’s crush-resistant and completely waterproof.
  • Google Titan Security Key ($50) – The newest device released by Google offers authentication via Bluetooth, meaning it can be used with your mobile devices. While it’s larger than most other devices, it’s designed to work with more devices.
  • YubiKey 4 USB Authentication Key ($40) – This device is larger than its little brother (YubiKey 4C Nano), being the size of a regular USB drive. To use the YubiKey 4, you simply plug the device into the USB port and touch the gold contact. The stylish device works on macOS, Windows, Linux, and Chrome OS.

It’s time. It’s time to enable 2FA on every device and every website or application possible. By taking an extra 10 seconds to log in, you could save yourself and your company from incurring a cyberattack.