share

2-Factor Authentication at an Enterprise Scale

Posted by Rebecca Ney on Jul 27, 2018 2:25:02 PM
Rebecca Ney
Find me on:

2-Factor Authentication at an Enterprise Scale

As cybercrime becomes more sophisticated, Australian organisations are finding their legacy security systems are inadequate against modern threats. Other times, data loss caused by simple human error has led to severe representational and financial loss.

The after-effects of these breaches are also devastating for consumers. Stolen credentials can lead to credit card fraud, drained crypto-wallets and bank accounts, and compromised personal information. For this reason, clients and consumers will no longer accept subpar information security management systems by the businesses they deal with. 

The need for greater protection is clear, and for many, two-factor authentication is a positive step towards greater cyber security solutions. Two-factor authentication, often simply referred to as 2FA, is empowering businesses with a simple and secure authentication solution that is easily manageable and highly scalable.

 

What is 2-Factor Authentication?

Two-factor authentication refers to a security system that requires two different types of credentials to authenticate a user to allow them access to an account. It is designed to provide an additional layer of validation, which minimises security breaches.

Typically, one of the security mechanisms employed by two-factor authentication systems is a password or code followed by another credential such as SMS, hardware tokens or authenticator mobile application, and increasingly as biometric e.g. fingerprint.

 

How Does 2FA Differ from other systems?

A two-factor authentication system differs from other authentication and access control systems in that it requires a two-step process to access a protected account. After entering the username and password, the user must also provide another piece of information to gain access to their account. The second factor could be in the form of one of the following categories:

  • Something the user knows: Like a password, personal identification number (PIN), a specific keystroke pattern, or answers to their secret questions.

  • Something they have in their possession: Like a smartphone, small hardware token, or an ATM card. Physical tokens are becoming less common.
  • The user themselves: This is an advanced category that includes the biometric pattern such as an iris scan, voice print, or fingerprint.

Benefits of 2FA

There are several noteworthy benefits of two-factor authentication, which is why adoption of the protocol is high across many industries. Market Research Future (MRFR) recently published a report, with a market forecast up to 2023. In it’s study, they state that the global Two Factor Authentication market will register a staggering double digit, Compound Annual Growth Rate (CAGR) of 19.6% between 2017 and 2023.

The use of 2FA and MFA within organisations is increasing significantly because of benefits like:

  • Ease of adoption
  • Greater security
  • Increased opportunity for secure remote working
  • Reduced operational costs from less on-site employees 

Possible Challenges of Enforcing 2-Factor Authentication

Despite the huge benefits of 2FA, there are some challenges facing enterprise-wide adoption of 2FA or MFA although all of these can be managed effectively or avoided completely. These may include:


1. Budget constraints

Employee training and system onboarding can take a lot of time if not managed correctly.

 

2. Employee resistance

It’s human nature to resist change, and for employees who have little understanding of the increasing need for improved cyber security and have been ‘set in their ways’ for years or even decades, this new security protocol might be seen as a step too far.

 

3. Sophisticated systems

Sometimes an organisation may end up choosing a sophisticated and hard-to-use two-factor authentication system from a highly proprietary company. The best systems to use should have built-in redundancies, no single point of failure, allow graceful migration from other technologies, and have well-documented cryptography standards that can withstand external attacks.

 

4. Complacency

There may be resistance to “fix what’s not broken” as the idea of an attacker compromising a username and password that allows access to a company’s IT assets may seem far fetched to some, but it is becoming all too common. While two-factor authentication is not completely foolproof, if an attacker does not have the second factor, a username and password alone are much less valuable to them.

 

Strategies to Ensure Enterprise-Wide Adoption

Organisations need to bridge the gap between additional layers of security and employee tolerance if two-factor authentication systems are to succeed. This can be done in the following ways:

  • Enterprise-wide employee security training on the purpose of these systems and how to use them effectively to ensure security.

  • The organisation can come up with defined parameters that only activate if the system senses an unusual behaviour pattern in the network.

  • Implementing disciplinary measures for negligent employees to ensure strict adherence to security protocols.

 

The Bottom Line

Two-factor authentication systems provide an additional layer of security needed to safeguard an organisation’s sensitive data from breaches, theft, unwarranted external access, or loss.

There is an increased sense of importance and urgency for their enterprise-wide adoption to protect against rising levels of cybercrimes and security breaches. To discuss how The Missing Link can empower you to improve your organisation’s information security protocols, get in touch with us today.

AUTHOR

Rebecca Ney

Resource

If your network future-proofed?

GRAB A COPY
UP NEXT

2018 Trends in Cyber Security: Building Effective Security Teams

As cyber security has become more complex, traditi...

The Top 5 Highlights from the Cisco 2018 Cybersecurity Report

Now in its 11th year, the Cisco Cybersecurity Repo...

What is Endpoint and Application Security?

As businesses face information security threats fr...