In 2018 Google stated that 90% of active Gmail accounts did not have two-factor authentication set up, which led to questions around why the tech giant had not been prompting its users to set up this security measure. Since then, in 2021, Google has reported that since making two-factor authentication the default security setting for 150 million users who were not already taking this additional measure of cyber protection. Since prompting users to set up two-factor authentication, the amount of compromised accounts has halved.
This decrease in compromised accounts shows how crucial taking additional measures of security is to keep your account safe. Using two-factor authentication is critical as it minimises the chances of an account being compromised as it requires a physical item, such as a security key or a mobile phone to receive codes via SMS, app, or email.
What is 2-factor authentication and how is it different from multi-factor authentication?
Two-factor authentication (2FA), a term interchangeable with two-step verification and dual-factor authentication, is an approach to cyber security that requires users to provide two different authentication factors to very themselves. This method has been used for a long time as a way to protect sensitive data and is being used more and more to keep users’ credentials safe from hackers who have obtained passwords or used phishing campaigns to steal passwords.
Multi-factor authentication (MFA) differs from 2FA because it asks for more authentication factors from the user. Different categories fall into authentication factors in terms of computing such as:
- Knowledge factor – something known to the users, like a password or ID number, etc.
- Possession factor – something that the user physically has, like an ID card, security token, mobile phone, or smartphone, that can authorize requests.
- Biometric factor (inherence factor) – as the name suggests this is inherent to the user. Including fingerprints, facial recognition, voice recognition, and even behavioral biometrics, like keystroke dynamics, gait, or speech patterns.
- Location factor – By limiting login attempts to specified devices in a set location, and can even be restricted to a geographic source when a login attempt occurs.
- Time factor – this element to a particular time window that logging on is permitted, outwith this window access is restricted.
Common forms of 2FA are ID and password or bank card and PIN. The problem with this is that passwords can be easily guessed and bank cards are commonly skimmed at cash points. This problem meant that organisations looked for a better solution to verification.
To learn more about MFA click here.
When it comes to cybersecurity you can never be too safe. All points of access to sensitive data must be fully protected, Workflo has an in-house IT team who are all experts when it comes to keeping your devices safe.