What Should We Consider When Implementing Two-Factor Authentication?

Password security is an ongoing issue that many companies face. Even more so now that most data is being stored in the cloud, and businesses are using mostly cloud workflows.

When you work in the cloud, all your data is as secure as your least secure account password. And people often aren’t using very strong passwords at all. 49% of employees say that when they’re required to change a password, they only change one digit.

80% of all data breaches in 2019 were the result of a password breach.

One of the IT security protections that companies use to combat compromised passwords is two-factor authentication (2FA). When 2FA is put in place on account login, the user must supply an additional form of authentication before they’re granted access.

This will generally come in the form of a code being sent to a physical device once the username and password have been entered. The user pulls out their phone or security key and enters that time-sensitive code into a form to complete their login.

According to statistics from Microsoft, implementing 2FA can block 99.9% of false sign-in attempts by hackers. It’s a “must-have” when it comes to cybersecurity best practices; however, it must be implemented with a strategy.

If you just start enabling 2FA on every cloud account login your employees use, you can end up with problems that you didn’t anticipate.

Here are some of the important considerations when you’re planning to implement two-factor authentication at your business.

How Many Applications Employees Use

23% of employees say that using two-factor authentication is “very inconvenient.” This is often because their company has them using it several times a day between all the different apps they use.

If your employees use more than 3-4 apps daily that they need to sign in to, then you can reduce the inconvenience of 2FA by using a single sign-on (SSO) solution. An SSO provides a single portal where employees can sign in and enter a 2FA code once to gain access to all their business apps.

This streamlines the process and ensures productivity doesn’t take a hit with the increased password security.

How Your Team Will Receive the 2FA Code

There are three standard ways that a person can receive the code to complete sign-in when two-factor authentication is enabled. These are as follows:

  • SMS: The most common method is receiving the code via text message.
  • Authentication App: Another popular way to complete 2FA is through an on-device authentication app that will display the code.
  • Security Key: A less common, but more secure way to receive the code is through a small security key device that you plug into a PC or mobile device.

According to a study provided by Google, which tested three different types of attacks (bot, bulk phishing, targeted), there are some differences in how secure each of those methods is.

SMS/text message is the least secure because SIM cards can be cloned. This method blocks between 76%-100% of account attacks, depending on the attack type.

The second on the security scale is an authentication app, which blocks 90%-100% of attacks.

A security key is the most secure, blocking 100% of all three attack types.

It’s important to understand your 2FA options and balance cost/convenience with security for the best fit.

Policy for Lost Devices

If an employee loses the device that receives the two-factor authentication code, how do they get into their accounts? You want to have a plan for this BEFORE it happens.

It’s a good idea to set up a “what if” session with a trusted IT pro, like Unity IT. We can help you put steps in place to secure a lost device and get your employees logged back in with the 2FA security still intact.

User Education & Guidelines

Your password security policies and guidelines are important for your company’s data security. You can spend time and effort putting two-factor authentication into place, but if you don’t properly educate your users, you could end up with people bypassing 2FA or setting up new cloud apps without your knowledge that don’t have 2FA enabled.

It’s important to train employees on your two-factor authentication system, why all logins must use it, and your guidelines requiring 2FA use. Proper education upfront can help you avoid problems or pushback later.

Consider Other Authentication Solutions

Because password security is such a big concern in the IT security world, vendors are coming up with solutions that don’t even require employees to use passwords at all.

One of these is Azure Passwordless Sign-in. This feature uses alternate methods of user authentication and can be an excellent option to use alongside two-factor authentication to provide options for your users.

Let’s Put Together Your 2FA Roadmap for Success!

Unity IT can help your Fresno-area business with a thoughtful and effective approach to two-factor authentication that’s convenient, fluid, and protective.

Contact us today to schedule a technology consultation at 559-297-1007 or reach out online.