We Believe in 2-Factor Authentication. Here’s Why You Should, Too.
Passwords Are Not Enough
The days of a password alone being enough to protect your account privacy are long gone.
- 63% of passwords are weak, default, or stolen (Verizon Data Breach Investigations Report)
- 25% of employees use the same password for every account (OpenVPN Report)
- 80% of hacking-related breaches still involve compromised and weak credentials (Verizon)
- 29% of all breaches use stolen credentials (Verizon)
Two-factor authentication (2FA) is one of the best ways to protect your accounts. 2FA adds a second step to your usual log-in process.
Once you enter your username and password, you take one additional action depending on the type of 2FA you use. It could be entering a code sent as a text message or accepting a prompt on your smartphone. All in all, it’s just a few extra seconds.
Users Still Reluctant to Use 2FA
Despite the risks, many employees are against using 2FA.
- 63% of businesses receive backlash from employees when using 2FA (TechRepublic)
- 74% of companies receive complaints about 2FA from their users (eSecurity Planet)
- Even Google could only get about 10% of its users to sign up for 2FA on their accounts (New York Times)
We think that’s rather ridiculous. Getting annoyed because you have to find your phone and tap on a prompt every time you log into your accounts? It doesn’t get any more #firstworldproblems than that.
Here at ITP, we recently enabled 2FA for one of the applications we use every day. Sure, there were a few good-natured groans and eye rolls when it was announced, but we all know how important it is to practice what we preach to our clients – that 2FA adds another vital layer of protection against hackers and should be used whenever possible.
Your employees need to take an active role in protecting themselves and their company. Getting people on board with using 2FA may take a little education and persuasion, but it’s absolutely worth the effort.
2FA Works, Plain and Simple
It protects your accounts from all sorts of damaging attacks.
Credential stuffing or brute-force attacks hijack people’s online accounts in bulk. Dunkin’ Donuts, Warby Parker, GitHub, AdGuard, the State Department, and even Apple iCloud accounts have all fallen victim to credential-stuffing attacks in recent years. Only two-factor accounts are protected from these automated login attacks.
Recent research by Google showed that 2FA using an SMS code blocked 100% of automated attacks, 96% of bulk phishing attacks, and 76% of direct, targeted attacks – like those made by hired hackers.
2FA using an on-device prompt gave even stronger protection, blocking 100% of automated attacks, 99% of bulk phishing attacks, and 90% of targeted attacks.
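Two-factor also protects you from phishing emails. Say someone sends you a suspicious email that tries to trick you into logging in with your Google or Facebook credentials on a fake site. A fake site that only collects passwords cannot send you a working two-factor code, so a missing or failing code is a warning sign. Treat that as a hint rather than proof, though: in the Google figures above, SMS codes blocked 96% of bulk phishing and 76% of targeted attacks, not all of them, so still check the site address before you enter a code.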
Bottom line: being secure isn’t easy. The bad guys are counting on you to be lazy. Implementing 2FA means it takes a little longer to log in, but it’s worth it in the long run to avoid losing your data, identity, or money.
2FA as Part of a Complete Cybersecurity Strategy
Although 2FA can prevent hackers from logging into accounts as you, it’s not a cybersecurity catch-all. Cybercriminals can still breach network data using other vectors and entry points. That’s why 2FA should be a component in a larger cybersecurity strategy.
We recommend a layered approach that uses a variety of tools and resources working together to provide maximum protection for your devices, data, and networks.
You can delve into more details with these free resources:
- ITP Approach to Layered Security
- 15 Ways to Protect Your Business from a Cyberattack
- What Shrek Can Teach You About Cybersecurity
Find Out More
Cybersecurity 101: 2FA Can Save You from Hackers (TechCrunch)
More Companies Don’t Rely on Passwords Alone Anymore (Dark Reading)