It's as simple as this: if you don't know what two-step authentication is, then you are at risk. Two-step authentication is a method of granting a user access using two or more 'authentication factors'. An authentication factor can be as simple as a password. Using a single authentication factor (a single text password) has become a weak means of protecting online assets.
Despite having the best security measures and following all the 'best practices,' the fact is PCs can become compromised and passwords can be cracked, deciphered and exploited. This can put you and your business at serious risk.
How Bad Can It Be?
One local company experienced firsthand just how easily a password can be bypassed. While they had anti-virus and regular checkups from another local IT company (not simpleroute), their accounting computer became infected with a virus. One day they found that an unauthorized transfer had been made to a bank across state lines and that the funds had been withdrawn in cash from the receiving institution within minutes. The virus had sat silently on the machine, watching the employee log into their business accounts, and had logged their password, which was then used to authorize the transfer. The worst part: the bank claimed the company had authorized the transfer and that the bank wasn't responsible for the company's losses.
The potential for loss can be staggering. Bank sites, company secrets, employee data, customer data, etc. are all at risk from insecure systems. Using a second authentication factor can greatly reduce the ability of others to inappropriately access internal and external information and accounts.
How To Protect Yourself
Two-step authentication requires the use of a second factor. The first factor is usually a traditional text password. The second is something that is combined with this password to provide the two-part login. The common methods for a second factor include mobile-based verification codes and RSA SecurID keys.
Mobile-based verification simply requires a mobile phone. Users link their mobile number to their account. Later, when the user wants to log in, they provide their text-based password, which causes a text message to be sent to their linked cell phone. The text message contains a special code which is entered for the second part of the two-step authentication. This method introduces a slight delay during login but has the advantage of needing no additional hardware. A text password alone will not provide access to the account – an attacker would also have to have physical possession of the linked mobile device. Two-step authentication is available from many banking sites as well as from Google for those using Google Apps.
In some cases, banks and other institutions can provide keys like EMC's RSA SecurID. These keys have codes that change every 60 seconds in a way that the company can verify but an end-user cannot decrypt. The numbers appear random, meaning that even someone who obtains a sequence of numbers cannot guess the next ones.
Both methods provide a second step that substantially reduces the ability of an unauthorized party to gain access to accounts.
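The rotating token codes described above can be illustrated with the open TOTP scheme (RFC 6238), in which the token and the server derive the same code from a shared secret and the current time. This is an added example, not code from the original article and not RSA SecurID's proprietary algorithm; the Verifier class, the function names, the 60-second step and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # matches the page's "codes that change every 60 seconds"
DIGITS = 6

def code_for_counter(secret: bytes, counter: int) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def code_at(secret: bytes, unix_time: float) -> str:
    """What the token displays at unix_time: one code per 60-second window."""
    return code_for_counter(secret, int(unix_time) // STEP_SECONDS)

class Verifier:
    """Server side (hypothetical class): tolerates clock drift, rejects replays."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_used = -1  # highest time window already accepted

    def verify(self, submitted: str, unix_time: float) -> bool:
        now = int(unix_time) // STEP_SECONDS
        for counter in range(now - self.drift_steps, now + self.drift_steps + 1):
            if counter <= self.last_used:
                continue  # negative or already-used windows are never accepted
            expected = code_for_counter(self.secret, counter)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_used = counter
                return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample: the RFC 4226 test key
    server = Verifier(secret)
    code = code_at(secret, 75)
    print("token shows:", code)
    print("first login:", server.verify(code, 80))
    print("same code replayed:", server.verify(code, 85))
```

A code captured by malware on the PC is useless once its time window has been used or has passed, which is the property a logged password lacks.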
How simpleroute Can Help
If your business relies on Google Apps for email, we can help enable two-step authentication across your domain to ensure your users are protected. We can also help train employees on best practices for dealing with online accounts and help create company guidelines for online account access. If you are worried about your risks online, contact us today and see how we can help you do everything you can to protect your network.