Atlantic.Net Blog

Is Two-Factor Authentication Necessary? How Do I Get My Employees to Use It?

by Atlantic.Net Editorial Team

Contributing writer: Ahmed Muztaba

Why is two-factor authentication necessary?

Today, nothing is more valuable than information. Because the majority of online content is behind the lock and key of the so-called “deep web,” it’s no wonder that hackers are more interested than ever in ferreting out secure information. Today’s great heist doesn’t require a cat burglar. A mouse is easier to maneuver.

Two-factor authentication (or 2FA) arose as a bulwark against the hijinks of Internet pirates whose Trojan Horses and phishing scams were netting easy prey. The premise is simple: by requiring a second layer of verification, it makes your data twice as hard to access illegally. You can see this everywhere, from chip-and-PIN credit card requirements to the “secret questions” that some websites require their users to answer.

By reducing the points of vulnerability in your company, you make both company and employee sensitive data far less likely to be breached. Requiring strong passwords used to be enough, but with the increase in computing power and the prevalence of botnets, a person or organization with malicious intent can harness an immense amount of resources. This means that once tough-to-crack passwords are now much easier to crack. Requiring a second layer of authentication, such as a code that must be entered within a given amount of time before it expires, can go a long way toward preventing widespread damage.

Kinds of authentication

Not all 2FA models are created equal. Let’s take a look at the kinds of authentication used in 2FA: knowledge, device, or biometric. Combining any two of these creates two-factor authentication.

Knowledge authentication

Knowledge authentication verifies your ID through a password or secret question that only the account holder knows.

Device authentication

Device authentication sends an authorization code to the account holder, usually through a text message or a special app like Google Authenticator.

Biometric authentication

Biometric authentication uses your fingerprint, voice, or retina to verify your ID.

An example of 2FA is requiring users to enter a random string of digits from a number-generating key fob in addition to a password. Medical offices are a good example: they provide these key fobs to personnel who need to access record rooms or sensitive patient data on a server. Because the key fobs generate new digit codes every 30-60 seconds, the likelihood of them getting hacked is small. Combined with a personalized passcode, the key fob lets users access the data in a more secure fashion.

What are employees’ concerns?

While two-factor authentication makes browsing the World Wide Web safer, it can also create headaches for employees who were used to just entering a password to log in at work. From the perceived extra time it can take to log in and start being productive, to the greater likelihood of something going wrong (entering twice the information means double the chance of mistyping), employees can have a host of concerns and worries regarding 2FA.

Two-factor practices can hinder the user experience. Employees may need to keep a device, like a key fob or mobile phone, and have it with them whenever they want to log on, which can be frustrating if a device has been lost or stolen. Some also may question the security of the methods of two-factor authentication themselves. While no data is 100 percent secure anywhere, two-factor authentication has undoubtedly made sensitive information more secure: officials blamed the lack of 2FA for the Dec. 2014 security lapse that led to the hack of 83 million JPMorgan Chase customers.

As with everything, there are learning curves to implementing 2FA. Employees, especially those who don’t handle sensitive information, may not understand the necessity for it. One study found that 74 percent of companies that employ two-factor authentication practices had employees who were frustrated with 2FA. There are several points that, if communicated correctly, can help your employees to better understand why two-factor is so imperative.

How do we get employees on board?

  • Explain the benefits of two-factor authentication. It takes just one employee to leave an entire company at risk – that means that sensitive data like company secrets, payroll, benefits information, salaries, Social Security numbers, and HR files could all be vulnerable. Nobody wants to be the victim of identity theft.
  • Make the process easy. Usually, the best way to roll out a two-factor authentication system is to use a mobile phone app or text message prompt as the second form of verification. Because employees today are never far from a phone, using a text message form of ID means they don’t have to buy a new device to log in.
  • Roll out the process gradually, if you can. Start with the staff that handles the most sensitive data and move outward. The goal is to get every member of your organization on board with as little hassle as possible. If too many people begin at once, the workflow could be harmed. Instead, let institutional knowledge of the new process build from the ground up. As more employees come on board, they can help train the next wave.
  • Provide lots of assistance and lots of assurance. Computer problems are really just frustrations in disguise. Understand that change is hard and doesn’t come easy. Reassure employees that this simple process is in their best interest.

The above guidelines are suggestions on how to inform those who will be impacted by this change. By better preparing and educating employees, companies can increase satisfaction among their users who use 2FA. Two-factor authentication implementations don’t have to be hard! By communicating the benefits, you can educate your users all while securing your data.

