You know the story: always use a unique password, make it complex, and never write it down or share it. The problem is that we’re human, and modern life seems to consist of usernames and passwords. So the unavoidable happens: we write them down, keep them simple and re-use the same passwords. We need something else to protect not only our business but also our personal lives on the internet.
One way is to use a password manager that generates and tracks unique, complex passwords for the sites and applications you use on a daily basis.
Creating a secure password that you can remember is hard enough; doing it for every website is just about impossible—unless you use a password manager.
Another way that adds a layer of extra security is Two-Factor Authentication. Modern IT security is all about layers!
It is sometimes referred to as 2-Step Verification, 2FA, Two-Way Authentication, Multi-factor authentication or even Three-Factor Authentication!
Why do we need another layer of security?
Ten years ago we needed a VPN (Virtual Private Network) to connect to our email, access our files in the office and look up clients in our customer database. Today, the majority of this is accessible from any location, on any device and at any time. This era of easy access exposes your business applications to the whole world. A password isn’t going to cut it anymore.
What is two-factor authentication?
A username and password are called One-Factor Authentication: something you know. Two-Way Authentication adds something you physically have, like a phone or a hardware token.
The physical device is unique to you and is recognised by the system. It can confirm its presence by sending a push message asking you to confirm that this is you. So when you log into your online accountancy system on your desktop computer, your mobile asks you to confirm that this is you logging in.
As this typically relies on two-way communication, it doesn’t always lend itself to everyday situations. So another way is a one-time password or code. Based on the time of day, your device will generate what seems like a random set of numbers. The requesting application at the other end knows what these numbers will be.
A simplistic example of how this works?
Let’s both agree on a secret number, say 5, and never mention it again.
When we want to talk to one another, we’ll ask for a code to confirm identity. The code will be the current time in minutes plus our secret number. So if the time were 17 minutes past the hour, our reply would be 22.
Secret Number + Time = One time code
The other party would do the same sum and expect the answer 22. The verification process has happened without actually communicating the secret number 5.
Then imagine this process scaled up using large sets of numbers and complex mathematics.
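The sum above next to its scaled-up form, as an added example that is not part of the original article: the standard time-based one-time code (TOTP, RFC 6238) replaces the addition with an HMAC, so an overheard code no longer reveals the secret. Function names are illustrative, and the key is the published RFC 6238 test key, not a real secret.

```python
import hashlib
import hmac
import struct


def toy_code(secret: int, minutes_past_hour: int) -> int:
    """The article's sum: secret number + time = one-time code."""
    return secret + minutes_past_hour


def recover_toy_secret(observed_code: int, minutes_past_hour: int) -> int:
    """Limit of the toy sum: anyone who overhears one code can subtract the time."""
    return observed_code - minutes_past_hour


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code per RFC 6238, using HMAC-SHA1."""
    counter = unix_time // step  # whole time steps since the Unix epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server side: recompute the code, allowing +/- `window` steps of clock drift."""
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue  # no time step exists before the epoch
        if hmac.compare_digest(totp(secret, t, step, digits), submitted):
            return True  # compare_digest avoids leaking matches through timing
    return False


if __name__ == "__main__":
    shared = b"12345678901234567890"  # published RFC 6238 test key, not a real secret
    print(toy_code(5, 17), recover_toy_secret(22, 17))
    print(totp(shared, 59, digits=8))
    print(verify(shared, totp(shared, 59), 59 + 30))
```

The `window` parameter is the trade-off to tune: a wider window tolerates more clock drift between device and server but keeps each code valid for longer.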
You’re probably already using Two-Way Authentication
Hopefully, you already use some form of Two-Way Authentication with online banking? An app on your smartphone or a little calculator device that generates a code every time you need to check your balance.
What methods can I use for authentication?
- Text message
- Phone call via mobile or landline
- App that asks for permission called a push request
- App that can generate a one time code
- Hardware Token key that generates a code
- Smartcard or USB Keys like the Yubikey
- Any trusted Mobile Phone, Tablet, Laptop, etc
What common business applications support Two-Factor Authentication?
Most cloud service providers give you the option to switch on Two-Factor Authentication. Other on-premise and traditional applications can use a broker service that does the authentication part.
- Office 365
- Google Apps and Gmail
- VPN connection
- Windows logins
You mention Three-Factor Authentication?
It’s now becoming mainstream for phones to have a built-in fingerprint reader. So an application accepts your password, something you know. It in turn trusts your phone, something you have. Finally, your phone verifies you’re the rightful owner via recognition of your fingerprint, something you are.
If you’d like to find out more about how we can help your business improve security with Two-Way Authentication and other technologies, contact David or Jamie on 0131 225 2215 or email@example.com