The significance of creating strong passwords is with other words more important than ever.However, just relying on strong passwords is not enough.
Here are some worrying facts about this traditional security measure:
- 90% of passwords can be cracked in less than six hours
- Two-thirds of people use the same password everywhere.
- 57% of people who have already been scammed in phishing attacks still haven’t changed their passwords.
(Source: The Business Journals)
How can 2FA help you?
2FA (also known as 2-Step verification) is an additional layer of security used to ensure only authenticated users gain access to an online account. Initially, a user will enter their username and a password as usual. Then, rather than gaining access straight away, they will be required to provide additional information.
This second factor could come from one of the following categories:
- Something you own:
A code from an Authenticator app on your phone, or a code sent by SMS to your phone.
- Something you are:
A biometric indicator, like your fingerprint (Touch ID) or facial recognition (Face ID)
With 2FA, a potential compromise of one of these factors will not compromise the account itself. So, even if your password is taken or your phone is astray, the chances of someone else having access to both factors is not likely.
Unfortunately, passwords are still the main (or only) way many employees protect themselves. But, the good news is that there is an increasing awareness from companies to use 2FA.
People do not use Two-factor authentication
The Norwegian annual hidden statistics report (“Mørketallsrapporten”) for 2020 show that only four out of ten people use 2FA while cyberattacks is one of the three most common security incidents.
The Head of Security at Admincontrol, Ole Martin Refvik, says the results are alarming.
– In my opinion, everyone should have 2FA in place. The top management need to put security on the top of their agenda and make sure their employees use 2FA.
Refvik is convinced that the lack of awareness is part of the reason for 2FA not being used.
– People don`t realize the security benefit this additional factor gives and how effective it is in protecting against cyberattacks. That’s why we need to encourage people to start using it. It’s not that hard when you are used to it.
Refvik explains that several types of two-factor authentication are in use today, some may be stronger or more complex than others, but all of them offer better protection than passwords alone. Let’s look at the most common forms of 2FA:
- One Time PIN (OTP), either from an Authenticator app or Hardware token.
- Code from SMS text message
- Fingerprint scan (TouchID)
- Facial Recognition (FaceID)
Read more about 2FA and see what two factor authentications are available in Admincontrol Help Centre
At Admincontrol we have recently been looking at these issues in depth and have produced a handbook for boards on how to manage the impact of hybrid working on cybersecurity.