Remember when in 2012 a Russian cyberpunk stole 176 million encrypted login credentials from LinkedIn hashed using the woefully weak SH1 function and put it up for sale on a darknet marketplace for peanuts?
LinkedIn’s mega hack is just one dizzying example out of many in recent years. Compromised accounts at brands renowned worldwide including Yahoo, Twitter and Evernote have cast a harsh light on how vulnerable sensitive corporate data is if companies rely on passwords as the only shield to guard against cyber attacks, data breaches and fraud in today’s world of digital data, cloud computing and workforce mobility.
Unquestionable, passwords are the weakest link in data security and an easy touch for hackers - they will hunt, phish, spear phish, scam and social engineer to infiltrate your organization and move across all entities to access critical corporate resources. In the battle against them, you can choose from a selection of authentication methods. However, there probably is no better bang for your security buck than two-factor authentication, and companies of all sizes are racing to deploy it.
Are you one of them?
The problem with using just a password for authentication is that it doesn't prove the person logging in is you. Actually, all it proves is that you know your password.
In essence, two-factor authentication means the use of something besides your username and password to prove your identity. Typically, it is a code that you receive via text message or which is generated through an app you have installed on your mobile phone.
Along with that, biometrics can also serve as secondary tool to verify identity. In fact, biometric technology is no longer the fodder of Hollywood secret agent movies. Just think of how Windows Hello uses facial recognition mechanisms via your built-in webcam or fingerprint sensors to sign you in to your Windows 10 devices without having to type in a password, or the way Apple’s Touch ID sensor on your iPhone or iPad authenticates your payments for Apple Pay.
As traditional password security methods become increasingly discredited, CEOs should invest thoughts and effort into how to defense against malicious attacks to secure sensitive corporate data and company transactions. Most of the selling points will strike you as rather obvious.
- It’s safe to assume the company’s board is not going to blame the CIO or CISO for crushing data breaches. They’re going to hold the CEO liable. Why is that? Data breaches are no longer a mere technology challenge for IT admins. In fact, they have become a core business issue. To put flesh on numbers: A recent survey of 200 corporate directors conducted by the New York Stock Exchange in conjunction with the security company Veracode illustrated that more than two in five respondents said CEOs alone should face the brunt of any breach-related backlash.
- Notoriously, cyber security is complex and expensive. Every year, large enterprises tend to invest dizzying amounts of dollars to thwart future breaches when, in turn, there’s only little data to support the actual value of those costly services. While that approach may work well for businesses with a solid budget to spend on data security, small companies are left out in the cold as they simply can’t afford to invest big bucks to guard against data hacks.
- A good deal of data breaches happen not because savvy hackers burrow into company servers, but rather because of easy-to-guess employee login credentials. You can almost bet on it - someone in your company has set MyDogHasTurned19 as their password and with it basically rolled out the red carpet for cyber-criminals to worm their way into your organization.
In effect, two-factor authentication adds another layer of security to your corporate data.
The logic behind is simple. Two-factor authentication requires a second level of identification after you enter your username along with your password to log in to your account. In other words: Two-factor authentication prompts you to provide something in addition to your login credentials before you are granted access to corporate applications, networks and servers.
In the past, this second factor of authentication could have been a hardware token with a time-sensitive, numerical code (they have been around for many years), a smart card or a text message sent to your mobile phone. Modern two-factor authentication also takes advantage of push technology to allow you to prove your identity with the tap of a finger. Ever swiped your phone to hail an Uber ride? We bet you have.
Yes, swiping your fingerprint or copying a code will make logging in to an account take slightly longer. But that tiny inconvenience is nothing balanced against the crushing inconvenience that comes with losing control of your identity.
- Complexity is the enemy of cyber security. Too often, security mechanisms prompt employees to perform annoying, time-consuming acts while they’re just trying to get their work done, ultimately driving them to find ways to work around the security system that was implemented to protect them in the first place. Ideally, security solutions are designed to run smoothly without any friction so employees won’t even notice they’re using it. Two-factor authentication requires minimal interaction and seamlessly integrates into daily routines without peeving employees and putting them to the test.
- Most security mechanisms come with the overhead of installing and configuring systems just to manage the technology, and more often than not involve budgeting for external consultants to provide ongoing maintenance and customization of that solution. Because of that complexity, in the past companies were likely to end up stocking up their internal security team and invest large sums in employee training just to run a complex security solution that’s hard to grasp for IT and staff alike (and most likely outdated within a reasonable period). Modern two-factor authentication neither requires expensive consultants to implement the solution nor specialized training for the internal security team - as there are no complex IT processes to implement, IT is off the hook.
- Ever racked your brain over a password so sophisticated it was sheer impossible to remember? Two-factor authentication simplifies exactly that. Today, we not only seem eager to create strong and unique passwords in the attempt to prevent them from being guessed easily, we also struggle to remember them. As a seemingly appealing workaround, we end up reusing one single, savvy password across multiple websites for our convenience while patting ourselves on the back for being password superstars (we’ve all been there), unaware that we just have smoothed the way for hackers to wreak havoc.
Templafy deeply cares about keeping your corporate data and identity protected. Get in touch with our Commercial Product Manager Jesper Petersen to learn how we handle cyber security or sign up for a personal meeting.