It’s now, regrettably, common knowledge that usernames and passwords can be compromised. Although businesses and employees have become wise to more simple, predictive passwords, the risk of your password still being hacked remains high. Just this month, guidance from the National Cyber Security Centre (NCSC) highlights how imperative 2 Factor Authentication (2FA) is when it comes to protecting important data in your business and at home. Rather than continuing to increase the length and obscurity of passwords, the NCSC now recommend using a double layered approach for logging-on, to anywhere that holds sensitive or important information, called 2 Factor Authentication.
What is 2FA?2 Factor Authentication is an extra scoop of security. Where the username & password is the first scoop, 2FA is the second. 2FA is a second factor using something that you, and only you, have access to. This means, even if your username & password is compromised, the hacker will find it extremely difficult to gain access to your account.
Flavours of 2FAThere are different types and methods of 2FA. Some of the most common include: Authenticators - once the username & password has been entered, the user will receive a push notification on their mobile device (phone or tablet) where they can choose to accept or decline the request. Hardware tokens - a physical key fob that generates a random number for the user, alongside their usual passwords. Text messages - once the user has typed in their password, the 2FA system will text the mobile device a random number, which is then entered to complete the log in process. More recent studies suggest that texts still have the potential to be intercepted by hackers and other means of 2FA would be preferable.
When should you use 2FA?The NCSC recommend you use the 2FA process whenever it’s imperative it's you and not a hacker. Scenarios 2FA should be used would be:
- Remote working and therefore not on the internal business network
- Setting up a new payee for your bank account
- Changing a password