Two-Factor Authentication

Two-Factor Authentication: Who has it and why?

The problem

Have you ever asked yourself what would happen if your work or business email got hacked? Suddenly, someone unexpected has access to all your emails, business contacts, company information, customers, vendors, meetings, schedules, financials and login information for other systems. The results can be messy, and no company knows that better than Yahoo.

According to The Guardian, in August 2013 Yahoo suffered what was dubbed “The biggest data breach in history”, in which 1 billion user accounts were compromised. The result was a PR and financial disaster, together with the loss of customers and company reputation.

It’s not only big corporations like Yahoo and Sony that have suffered major cyber-attacks over the past few years, though. In 2016, Symantec reported that 43% of cyber-attacks target small businesses. The reason for this is relatively simple: smaller companies tend to have weaker online security protection and awareness, which makes them attractive, easy targets for cyber-crime.

Proactive vs Reactive?

Most companies realise that their systems have been compromised only when it’s too late, and then spend anywhere from tens of thousands to millions on post-breach security costs to protect the previously compromised system. This is called a reactive approach (waiting for something to happen before doing anything about it), and it’s also the costliest approach when it comes to security.

Damage and costs can be minimised significantly by adopting a proactive approach. Shops use tags, CCTV cameras, security guards and other anti-theft devices throughout the store to prevent theft. Those same measures can’t be used to protect access to your emails and company information. Now you might be thinking: “Well… I have a username and password for all my logins, so surely someone can’t gain access to my emails or user account without knowing them.”

The truth is that, in the past, this was a “good enough” security measure. However, in today’s connected world, attackers use much more sophisticated tools and methods to compromise systems. Phishing, keyloggers, brute-force, social engineering and spidering are just the tip of the iceberg. To put this in perspective: Passwords alone are no longer safe!… So what now?

Two-Factor Authentication

Two-factor authentication is one of the most widely used methods of further improving your security. It requires two different methods of proving you are who you say you are before granting you access to protected resources. You will probably be familiar with this technology already from accessing your bank online, where you will have used either a small token or a phone-based app with a changing code.

The two authentication factors can be one of the following:

  • Something you know (typically your PIN, password or secret answer)
  • Something you have (your mobile phone or hardware token)
  • Something you are (biometric data such as your fingerprints or eyes)

Recommendations for Office 365 Users

In 2013 Microsoft introduced a new Multi-Factor Authentication feature for Office 365 users, allowing them to acknowledge a phone call, text or app notification on their smartphones after correctly entering their password. Only after this second factor of authentication has succeeded can the user sign in. This increases the security of your emails above and beyond an ordinary username and password. Setting up two-factor authentication for Office 365 is a relatively easy and straightforward process. All you need is a smartphone and 15 minutes of your time.

If you are interested in more security options for your Microsoft Office or other services, give us a call and see if our recommendations would be suitable for your organisation.