Two-factor authentication – Is it necessary? How do I get my employees to use it?

Derek Wiedenhoeft
by (19posts) under Compliance, Security, Technology

Contributing writer: Ahmed Muztaba

Why two-factor?

Today, nothing is more valuable than information. Because the majority of online content is behind the lock and key of the so-called “deep web,” it’s no wonder that hackers are more interested than ever in ferreting out secure information. Today’s great heist doesn’t require a cat burglar. A mouse is easier to maneuver.

Two-factor authorization (or 2FA) arose as a bulwark against the hijinks of Internet pirates whose Trojan Horses and phishing scams were netting easy prey. The premise is simple: by requiring a second layer of verification, it makes your data twice as hard to access illegally. You can see this everywhere; from the chip-and-pin credit card requirements to the “secret questions” that some websites require their users to answer.

The trouble is that while 2FA made browsing the World Wide Web safer, it also created headaches for thousands of users whose daily routines were made, yet again, more complicated.

Employees have a host of reasons for disliking 2FA, from the extra time it eats up to the greater likelihood of something going wrong (entering twice the information means double the chance of mistyping) to the frustrating process of re-securing a 2FA account when one factor has been compromised or forgotten.

Some don’t even see the point of a two-factor system, considering those systems also have a history of leaking data to hackers. While no data is 100 percent secure anywhere, two-factor authentication has undoubtedly made sensitive information more secure. For example, officials blamed the lack of 2FA for the Dec. 2014 security lapse that led to the hack of 83 million JPMorgan Chase customers. Let’s take a look at the kinds of authentication used in 2FA.

Kinds of authentication

Not all 2FA models are created equal. Authentication of any sense always takes one of three forms: knowledge, device, or biometric.

Knowledge authentication

Knowledge Authentication

Knowledge authentication verifies your ID through a password or secret question that only the account holder knows.

Device authentication

Device Authentication

Device authentication sends an authorization code to the account holder, usually through a text message or special app like Google’s Authenticator.

Biometetric authentication

Biometric Authentication

Biometric authentication uses your fingerprint, voice, or retina to verify your ID.

Combining any two of these creates two-factor authentication. An example of this is requiring users to enter a random string of digits from a number-generating key fob in addition to a password. Medical offices have been a good example of providing these key fobs to personnel who need to access record rooms or sensitive patient data on a server. Because the key fobs generate new digit codes every 30-60 seconds, the likelihood of them getting hacked is small. Combined with a personalized passcode, users access the data in a more secure fashion.

Are there drawbacks?

Despite the clear security advantages of 2FA, employees dislike it. One study found that 74 percent of companies that employ two-factor authentication practices regularly receive complaints about the practice.

And it’s no wonder. Two-factor practices hinder the user experience. Employees, especially those who don’t handle sensitive information, can find them to be overly burdensome to their workflow. It also means that employees must have access to a second device, like a key fob or mobile phone, with them at all times if they want to log on to company systems. That can lead to wasted time searching for the device or waiting for a replacement.

Many also voice concerns over the necessity of 2FA systems if their passwords are already required to be strong and changed regularly. That kind of IT practice can feel like overkill to administrative assistants who are merely trying to schedule a meeting on a business calendar.

How do we get employees on board?

  • Explain the benefits of two-factor authentication. It takes just one employee to leave an entire company at risk – that means that payroll news, benefits information, salaries, Social Security numbers, and HR files could all be vulnerable. Nobody wants to be the victim of identity theft.
  • Make the process easy. If you already have employees who have complained about regularly updating passwords, prepare for a bigger mess. Usually, the best way to roll out a two-factor authentication system is to use a mobile phone app or text message prompt as the second form of verification. Because employees today are never far from a phone, using a text message form of ID means they don’t have to buy a new device to log in.
  • Roll out the process gradually, if you can. Start with the staff that handles the most sensitive data and move outward. The goal is to get every member of your organization on board with as little hassle as possible. If too many people begin at once, the workflow could be harmed. Instead, let institutional knowledge of the new process build from the ground up. As more employees come on board, they can help train the next wave.
  • Provide lots of assistance and lots of assurance. Computer problems are really just frustrations in disguise. Understand that change is hard and doesn’t come easy. Reassure employees that this simple process is in their best interests.

The truth is that 2FA systems are some of the easiest and best ways to protect sensitive data from hackers. The above guidelines are suggestions on how to inform those who will be impacted by this chance. By better preparing and educating employees, companies can increase the satisfaction amongst its users who use 2FA.


Related Posts

Cloud Hosting

New York, NY

100 Delawanna Ave, Building 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Orlando, FL

2201 Lucien Way, Suite 401

Maitland, FL 32751

United States

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4