Two-Factor Authentication: What you don’t know can harm your IT infrastructure (Software and Hardware Devices)
Esang U. E
Employing secure passwords is now more important than you might think. Passwords have substantial monetary value attached to them, which gives hackers a reason to steal them. Data breaches and password leaks have constantly drawn media attention over the years, leaving millions of user accounts susceptible to being accessed by cybercriminals.
To create an extra layer of security that prevents easy access by hackers, you need to understand the importance of the two-factor authentication mechanism and employ it. With it in place, a cybercriminal needs more than just your username and password to perform an attack. The truth is that you may already be using two-factor authentication without knowing what it is. A common example of this mechanism is your ATM card, which relies on both the card itself and your 4-digit PIN.
I’ll quickly explain the concept of 2FA (short for two-factor authentication), a term I’ll be using frequently in this write-up.
What is the 2FA?
2FA is an extra layer of security, also referred to as multi-factor authentication, which requires not only a username and password but also something that only the legitimate user has on them. By this I mean a piece of information that only they should know and can provide by hand whenever it is needed. An example is a physical token.
How do you deploy 2FA?
Based on the definition above, a 2FA mechanism should require the following of you:
- Something that you know, for example a PIN, a pattern or a password.
- Something that you have, for example a credit or ATM card, a mobile phone or a security token (a key fob or USB token).
- Finally, something that is unique to you, for example a biometric such as a voice print or a fingerprint.
How Strong is Two-Factor Authentication?
As you well know, nothing is 100% safe or secure, and an account is still prone to hacking through social engineering means such as shoulder surfing, and through password recovery options. For instance, if you perform a password reset because you forgot your password, retrieving it by email can totally bypass the 2FA mechanism. If an attacker has access to the email account you linked your 2FA to, he can capture your password directly and use it to attack you.
My advice is that you always monitor your email account for phishing emails and for messages requesting password changes.
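The reset bypass described above, shown as an added illustration (this is not code from the original post): a reset flow that trusts the mailed token alone, next to one that still demands the second factor. The names Account, reset_weak, reset_hardened and totp are hypothetical, and a time-based one-time code (RFC 6238) is assumed as the "something you have" factor.

```python
import hashlib, hmac, secrets, struct, time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1); assumed here as the second factor."""
    counter = struct.pack(">Q", int(at // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:  # hypothetical in-memory account record
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.reset_token = None

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def mail_reset_token(self) -> str:
        # Whoever can read the linked mailbox receives this value.
        self.reset_token = secrets.token_urlsafe(32)
        return self.reset_token

    def consume(self, token: str, new_password: str) -> bool:
        ok = self.reset_token is not None and hmac.compare_digest(token, self.reset_token)
        if ok:  # the token is single use
            self.pw_hash, self.reset_token = self._hash(new_password), None
        return ok

def reset_weak(acct: Account, token: str, new_password: str) -> dict:
    # Weak: the mailed token alone changes the password and logs the caller in.
    return {"logged_in": acct.consume(token, new_password)}

def reset_hardened(acct: Account, token: str, new_password: str, otp: str, now=None) -> dict:
    # Hardened: the second factor is verified before the token is even consumed,
    # so control of the mailbox alone cannot change the password.
    now = time.time() if now is None else now
    if not hmac.compare_digest(otp, totp(acct.totp_secret, now)):
        return {"logged_in": False}
    return {"logged_in": acct.consume(token, new_password)}
```
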
What are the downsides of this security mechanism?
The shortcoming of this security mechanism is that new hardware tokens, which take the form of key fobs and card readers, constantly need to be reordered, and this can slow down business for the company. Customers are always waiting to gain access to their own private information through this means of authentication.
Tokens are also usually small and can easily be lost, causing more problems for everyone, especially when clients are on the waiting list for them.
I’ll also shed a little light on some password security measures you should know alongside 2FA:
- Millions of people have taken to using birthdates, phone numbers, addresses and plain words as passwords. These passwords can easily be cracked with dictionary attacks and brute-force attacks.
- Avoid using the same password across multiple accounts.
- Make it a habit to use passwords that are at least 8 characters long, and always use a unique combination of lowercase and uppercase letters, numbers and special characters.
In conclusion, the use of the 2FA mechanism can go a long way toward lowering the number of cases of email phishing and online identity theft, because the hacker will require more than just the user's name and password credentials, as explained earlier.
For more information on this and other security topics, we at Soutech Web Consultants offer a comprehensive list of courses covering what you need to know about online security, basic internet safety tips and countermeasures.
Subscribe to our Ethical Hacking course today via www.soutechventures.com/courses.