Two-factor authentication (2FA) is a method of establishing access to an online account or computer system that requires the user to provide two different types of information. A factor in this context simply means a way to convince a computer system or online service that you are who you say you are, so the system can determine if you have the rights to access the data services that you're trying to access. By far the most common authentication factor in use today is the username/password pair, and since most accounts only require a password for access, most systems thus use single-factor authentication for security. With two-factor authentication, you'll need to both provide a password and prove your identity some other way to gain access.
World Password Day is coming up on May 2, and this will provide the perfect excuse for media outlets--Connected World among them--to talk about authentication and device security. The same password best practices are often regurgitated over and over again when this subject arises, in part because people still aren't following the most basic of these suggestions, like not using "password" as a password. For this reason, the industry still needs to push best practices out to the public. But are the traditional best practices good advice, really? What about the advice to change passwords frequently?
Organizations spend a lot of time, money, and energy protecting themselves from hackers and cybercriminals. Much of that effort goes toward securing their networks, data, and other assets. But all that security can go only so far if your employees aren't protecting their own logins, accounts, and information. Tools such as multi-factor authentication have gained traction, but the poor use and management of passwords remains a thorn in the side of security, says a report released Tuesday by LastPass. In an analysis of more than 47,000 organizations around the world that use LastPass for password management, LastPass found that 57% adopted multi-factor authentication (MFA), up 12 percentage points from last year's report.
What will life after passwords look like? For many companies, the goal is for the authentication of customer and employee identities to be nearly invisible, taking only a second as a shopper logs into the website, or running in the background as office staff do their work. To achieve that, and be able to accurately verify that employees and customers are who they say they are, companies are embracing new technologies--including biometric scans of faces and fingerprints, and behavioral-monitoring systems that track such activities as what apps you open most frequently. As hackers are getting more sophisticated, traditional passwords are starting to be seen as less secure. The recent data breach of credit-reporting agency Equifax Inc. is likely to raise further questions about using Social Security numbers and other personal data to authenticate a person's identity, and to fuel the push for better authentication methods.
Are biometric methods secure for two-factor authentication in the enterprise? Much has been made about the fact that biometric authentication is not always infallible, but is it "good enough" to take some of the pressure off of the notoriously fallible password? According to a new study from Goode Intelligence, the answer is "yes," and in the just-released report on the study the company lays out the business case for biometrics. As an example, London-based Goode Intelligence's survey found that 67% of respondents use biometrics to verify a customer's identity during digital customer on-boarding. The EU's General Data Protection Regulation has set stricter security requirements on the data companies collect about customers, and Goode's research shows that it costs an average of $4,000 to go through that on-boarding process for each new customer.