The recent LinkedIn password breach and the various Mac and Windows Trojan horses have many small business managers wondering if their data is actually safe. Even if you take steps to ensure safety, they may not be enough and your data may still be at risk. One method companies could implement is two factor authentication.
Two factor authentication is a method of accessing something through the use of two different “factors.” There are actually three different factors a user can use for authentication, but you only need to use two. The three factors are:
- Something the user knows. This is the most commonly used factor in all authentication, and can be something like a password or a PIN. This also includes the security question asked when you forget your password.
- Something the user has. This is the most common second factor of authentication and is typically a device or physical object the user has. Objects can include key fobs where you press a button to get a randomly generated code to enter, a credit/ATM card or an ID card.
- Something the user is. This is a less common form of authentication, especially for small businesses, as it relies on a physical attribute of the user like a fingerprint.
When a company uses two of these factors to authenticate users, they are using two factor authentication. Chances are high, you already use this with your bank or another organization.
Should small businesses implement two factor authentication?
In a recent report published by Verizon Business, businesses with 11-100 employees were by far the most targeted groups with 57% of data breaches. Businesses with 101-1,000 employees were the next most targeted with slightly under 10% of data breaches. The report goes on to suggest that the main reason small businesses are being targeted is because of generally lax security.
Before you rush out and implement a two factor authentication system, you need to be aware that it will not prevent all attacks, two factor authentication can still be hacked. It just takes more time and effort than most hackers are willing to invest to hack into systems that use this form of security. Before you implement any new security measures be sure to talk with your IT support provider or an expert like us, we may have a solution that fits your business.