It’s no secret that there are many dangers when protecting online accounts with only basic password-based authentication. Despite this, the transition to stronger forms of authentication has been slow. As consumers and businesses become wiser to the imperative of better protecting their accounts, they realize that two- and multi-factor authentication is a must have.
The National Cyber Security Centre (NCSC) recommends 2FA for all ‘high value’ and email accounts, as email provides a route in for cybercriminals to reset passwords on other accounts. There are many risks involved with having an unsecure network, so organizations must assess their own authentication protocols and boost protection for customers and users where necessary.
Strong authentication is necessary to increase access cybersecurity for accounts and online services. Passwords alone provide weak protection because they can be guessed and phished and, once stolen, tried against a range of accounts in the hope of securing a hit. Unfortunately, our own behavior makes a lot of this possible. People have many online accounts and often to remember all their passwords they choose simple ones which, in the worst-case scenario, can be easily guessed.
Research revealed 54% of employees reuse the same passwords across multiple work accounts. Password reuse enables credential stuffing, in which log-in information is entered into a range of digital services, often by an automated system or program. This can lead to a detrimental attack since a wide range of your accounts are susceptible to breaches and takeovers.
The Working-From-Home Effect
For many businesses, hybrid remote/office working environments add to the urgency to strengthen authentication practices. It is likely that many people will continue to work from home, at least some of the time, despite the return to offices. A range of organizations have already indicated plans to continue supporting a flexible approach. This means expanded corporate IT estates comprised of many more devices accessing networks, systems, and applications from many more places.
The time when security was focused at the corporate perimeter now seems further and further behind us. Now, companies must mitigate security risks and protect access at the device and application level. Yet, despite 2FA technology being the best line of defense to protect against account takeovers, research found only 22% say their company has introduced it since the pandemic began.
Strong and Convenient 2FA
2FA strengthens authentication because it adds another factor such as, something the user has (a one-time passcode or security key) or something they are (a unique physical attribute such as a fingerprint) to the something they know (usually a username and password). Strong authentication, through tools such as hardware security keys, bolster security without inconveniencing the user. This is a key consideration for both business-to-business (B2B) and business-to-consumer (B2C) organizations. OTPs, often sent by text, while popular as a second line of defense, aren’t completely resistant from cyberattacks. They can also create friction in the log-in process and stall it altogether.
Our passwords, which have been our primary line of online defense for so long, are now ill-equipped to deal with the range of threats they now face. Password usability has significantly decreased since the number of accounts we all manage has proliferated to such a degree that password management is a very real problem. Only through a wider understanding and implementation of stronger forms of authentication will business and consumer accounts, services, and applications realize the higher levels of protection they deserve.