Have you ever gotten an email asking if a login attempt was you, but it wasn’t you? If you have a single authentication factor set up, this means your only means of defense between your sensitive information and a hacker is just your password. This means your information is exposed the moment that password is cracked.
Passwords can be easily cracked then people think
Imagine you’re a spy from an action movie trying to infiltrate a villain’s base, so you can learn all the villain’s evil plans. In order to gain access to the villain’s base, you must say the secret password to the dumb guard stationed at the entrance. Through movie purposes you manage to figure out the password, before you present yourself to the guard. The guard assumes you are another one of the villain’s goons and lets you in. You now have access to everything in the villain’s base.
If this scenario wasn’t obvious, the spy is the hacker trying to get into your accounts. The dumb guard is the login page, which both have no way of knowing who should and shouldn’t be entering. They just know if you give them the correct password, anyone can access the base or account. Plus, we’ve all seen the villain go on and on with their never ending monologue when they are confronted by the main character. The same could be said for all of us in our everyday lives, we have many things in our minds that we don’t have time to be on the lookout for hackers.
You might think you are safe because you are using a complex password, but guessing every possible combination isn’t the only method of figuring out passwords. With public social media accounts, people can piece together your hobbies and interests that may be a dead giveaway to what your password is. A global password security report from 2019 states that “Employees reuse a password an average of 13 times”, so when one account has been breached, you can bet your other accounts are at risk.
The importance of Two Factor Authentication
For this reason, here at YourTEK Professionals would like to emphasize the importance of Two Factor Authentication or 2FA. Small businesses are targets of cyber security due to small businesses having weak security, and part of that weak security is the lack of 2FA. In addition, businesses may not know how 2FA works or understand the importance of 2FA.
To explain how 2FA works, 2FA is an additional step that adds an extra layer of security to your account. There are multiple types of 2FA, but the most common are verification codes. This works when you have entered your username and password correctly, you will be prompted to input a code that could be sent through email, text, or app. Once that verification code has been entered, you can access your account like you normally do.
Other types of 2FA are security questions and biometrics. Security questions aren’t the greatest, since answers to the questions could be easily found on social media. Biometrics is actually better than verification codes because it uses a face or fingerprint ID to determine your identity, but some have expressed privacy concerns with this method.
Consequently, the importance of 2FA can apply to both business and personal use. COVID-19 made businesses realize the important use of the internet as remote working became common. Implementing a 2FA system allows employees to safely access their accounts from home without putting the business at risk. In return, management doesn’t have to worry much about the possible risk of identity theft amongst their business.
In our personal lives, we use passwords to access different services, like banking, shopping, and streaming. We can have our money at risk, if we don’t use 2FA. Hence, 2FA can benefit the business from a business and customer perspective. A business doesn’t want their information to be stolen, and neither does a customer. Thus, a business would benefit more out of having 2FA, rather than waiting for a potential attack.
2FA can save your business time and money
If I haven’t already bored you with how important 2FA is, I present an incident that could have saved a company millions of dollars, if they had 2FA. In 2021, Colonial Pipeline suffered a cyber attack that held their network system for ransom. Many may remember the impact this incident had regarding the gasoline that Colonial Pipeline supplied. For about a week, there was panic over the supply of gas, so there was traffic in every gas station. All the while, the news was only giving us very little information aside from the company being hacked.
The reason I bring this incident up is because it’s recent and the cause behind this cyber attack was a hacker group that obtained the password of a Colonial employee that was leaked onto the dark web. Colonial Pipeline didn’t have any form of 2FA, so the hackers were able to access Colonial’s network. Colonial Pipeline had to pay a ransom of $4.4 million to regain access to their network, but the hackers had already stolen 100 gigabytes of data. All in all, this incident should be a cautionary tale of the consequences for a weak security.
In conclusion, two-factor authentication provides an extra layer of security that can benefit your business and your customers. While it may seem like 2FA would slow down productivity with another step in logging in, but better safe than sorry. The Colonial Pipeline cyber attack is an example of what happens when a big company doesn’t use 2FA. In fact, many services have started enforcing 2FA, like Google, so 2FA is quickly becoming a common factor in everyday life.
If you are still on the fence with 2FA or have any other TEK questions, feel free to call YourTEK Professionals.