Security is a key consideration in 2018, for businesses and for individuals. Sharp spikes in cyber crime targeting broad swathes of people and organisations to try and find that one that might be vulnerable means we all need to be more vigilant. Device and network security is increasingly important. From ensuring compliance with incoming data protection regulation, to preventing unnecessary data loss – business or personal – phones, tablets and networks need all the protection that they can get. Which is where two-factor authentication comes in.
What is two-factor authentication?
It’s an additional layer of login security that makes it more difficult for someone who shouldn’t be accessing a network or device to get into it. It’s like having an additional lock on your front door or adding a security wall around a building. Instead of relying purely on the traditional username and password combination, two-factor authentication means that something extra is also required. This could be something from a physical token – for example, contained within a key fob – or it may be a PIN number generated by an application.
Why use two-factor authentication?
The answer is obvious: it could be the extra layer of protection that stops you experiencing a security event. Introducing it often produces resistance because it does add one more step to the process of opening a device or logging on to a network. However, it’s also one more step for someone who shouldn’t be on that device or in that system and so makes it much more secure. Usernames and passwords can be simple to guess at – “123456” remains the most commonly used password, for example, and 50% of people use 25 of the most common passwords. The two-factor authentication step is likely to be far less easy to guess at and much more random, providing not just an extra layer of protection but more complex security too.
Two-factor authentication and personal phones
There are benefits to both individuals and businesses in ensuring that everyone has two-factor authentication on their own personal phones. If those phones are used to access business networks then it should be an essential requirement in order to protect that business asset. One person can make an entire business vulnerable with poor device security but two-factor authentication helps to ensure that everyone is working to the same high standard. Even outside of business purposes, it still makes sense to use two-factor authentication to protect a device. We tend to use our phones for so many things these days, which means that if they are lost or stolen everything, from photos through to bank passwords and email logins, could very easily fall into the wrong hands.
- Does two-factor authentication allow an employer to see what’s on an employee’s phone? No, it’s simply a layer of security, there’s no implication for data privacy.
- What happens if a phone is lost? Whoever finds it will be locked out. The owner can be given new credentials and a new code for a new device.
- Can employers insist employees use this? Potentially yes when it comes to business-owned phones. For personal phones it’s likely to be a strong recommendation.
- Is it worth the effort? Yes, according to Symantec 80% of security breaches could be prevented with two-factor authentication.
If you’d like to find out more about how to protect your data, devices and networks please get in touch.