Two-factor authentication (2FA), or multi-factor authentication (MFA) in general, has grown in importance in security in recent years. It concerns how users (employees and customers) authenticate to systems.
First of all, authentication by username and password alone is called one-factor authentication (1FA). To increase security, 2FA or MFA has been increasingly used in recent years. One possibility for a second factor is the Time-based One-time Password (TOTP) method, which is probably the best-known method and is used in countless applications. For example, Google and Microsoft use the TOTP procedure in their Authenticator apps. Many may also remember the tokens of e-banking systems, whose codes were renewed every 60 seconds.
To sum up, this combination of username/password and a second system, which is mostly based on personalized hardware such as your mobile phone, is considered to be 2FA.
The possible authentication factors can be divided into three different categories:
- Knowledge: the user has certain knowledge that is known only to them. Examples are passwords, PINs, or answers to security questions.
- Biometrics: the user is identified by biometric features such as a fingerprint, face or iris pattern.
- Hardware: the user owns an item that helps with authentication. For example, a code generator, an SMS or an email to their mobile phone, or hardware in the form of a card or token.
1. Data is more secure from third-party access.
Usernames and passwords of customers and employees are vulnerable to theft: for example, they are either not complex enough (in many cases only a few characters such as “123456”) or can be read out by a Trojan. Another vulnerability is the writing down of passwords, either physically or digitally. 2FA / multi-factor authentication can therefore prevent attacks even when the correct password has been entered.
2. It improves the company's reputation with customers.
Many customers don’t mind taking an extra step when they know it serves their safety, because they gain additional trust when they know that the security of their data is important to the company.
3. Productivity can be increased or maintained.
As data access becomes more secure, employees can increasingly be allowed to work from home.
In times like the current coronavirus crisis, this helps to maintain productivity, and in normal times employees can increasingly access the systems from home or on the go. This can lead to an increase in productivity of up to 13% (Harvard Business Review).
4. Lower operational costs.
Access for hackers is made more difficult and this can minimize system failures.
The EU-wide GDPR guidelines, as well as the Data Protection Act adapted to Switzerland, require notification to the Confederation if personal data is lost, deleted, destroyed or altered, or if it is disclosed or made available to unauthorised persons (Art. 4 lit. g E-DSG). In conclusion, improved security measures can prevent fines.
5. Prepared for a possible standard.
The Federal Council can make 2FA or MFA a standard for data security at companies with sensitive data (Art. 7 Data Security & Art. 11 E-DSG).
In conclusion, organizations that are serious about security have no choice but to implement multifactor authentication, since it is currently a recognized and proven practice to authenticate users with multiple factors to protect sensitive data.