2-Factor Authentication – The Basics:
2FA requires that you use 2 out of the 3 following “factors” to access your network remotely.
This process is what I do in order access my network remotely:
Factor 1 – I enter my username and password at the login prompt on my laptop when connecting to my network remotely. (Something I know)
Factor 2 – I am then required to enter a code that is provided for me via SMS to my cell phone in a second step. (Something I have)
Note: The SMS code I use in factor two is dynamic changing every 60 seconds. I need to enter that code before it expires. The application provides a timer that displays when a code is about to expire. If it appears that I can’t enter it and hit return fast enough, I simply wait for the timer to reset and use the newly generated code instead.
Let’s say... you’ve stolen my laptop AND I had a moment of weakness earlier today leaving a note with my user name and password in my laptop case; stupid me! Unless you also have my cell phone to receive the code provided in Factor 2, you aren’t going to be able to “crawl” my network. You may have some fun looking at pictures from my last vacation or playing a game of Angry Birds (TM) but that’s about it.
The combination of 2 Factor Authentication, appropriate “screen lock” times and appropriate behavior on my part has greatly increased the security for remote access to my network.
Common sense is still a necessity!
Adding the 2nd factor increases the difficulty involved in using a misplaced, lost or stolen device to hack into a network. Having not only 2 separate factors, but making certain they are provided 2 different ways is a great security measure. This is the major difference between 2 Factor and 2 Step Authentication.
It is estimated that 1 laptop is stolen every minute (over ½ a million laptops a year.) It would be bad enough to be part of that statistic, but much worse if that stolen laptop is used to hack your network!
Is it a requirement for your business?
“It’s going to cost too much”:
Not really. When balancing the cost of instituting 2FA for your business against the potential damage caused if someone were to breech your network, you’ll come out ahead. As with anything else, there are different ways to make it happen. Speak with your IT Staff / 3rd Party Tech Support about installing 2FA for your network soon. Ask them for a bid; it shouldn’t cost you anything to get a price.
“Using 2-Factor Authentication is going to be a pain”:
Not really. All I need do is look at my phone and then type in the 6 digit code it is displaying then hit enter. When I weigh that minuscule amount of additional effort against the much higher level of protection I am providing for my network, using 2FA wins, no question at all.
Can I use it at home?
2FA is being offered by more on-line resources frequently. I currently use 2FA with 1 financial institution as well as one of the Social Media sites I use. For residential use, especially those who like to keep a “credential list” on their PC or Laptop, I encourage you to check with your on-line sites to see if they offer this level of security. The only thing that is going to change is that you will need your cell-phone at hand to get the SMS code to enter after the standard User Name and Password.
If your business or home is located in the Greater Phoenix, AZ area and you would like assistance in deploying 2FA for your network; please contact us at (480) 766-6188 or send a message through this site.
2FA requires that you use 2 out of the 3 following “factors” to access your network remotely.
- Something you know:
- A personal identification number (PIN), password or some type of pattern
- Something you have:
- An ATM card, mobile phone, or fob
- Something you are:
- A biometric such as a fingerprint, retinal scan or voice print
This process is what I do in order access my network remotely:
Factor 1 – I enter my username and password at the login prompt on my laptop when connecting to my network remotely. (Something I know)
Factor 2 – I am then required to enter a code that is provided for me via SMS to my cell phone in a second step. (Something I have)
Note: The SMS code I use in factor two is dynamic changing every 60 seconds. I need to enter that code before it expires. The application provides a timer that displays when a code is about to expire. If it appears that I can’t enter it and hit return fast enough, I simply wait for the timer to reset and use the newly generated code instead.
Let’s say... you’ve stolen my laptop AND I had a moment of weakness earlier today leaving a note with my user name and password in my laptop case; stupid me! Unless you also have my cell phone to receive the code provided in Factor 2, you aren’t going to be able to “crawl” my network. You may have some fun looking at pictures from my last vacation or playing a game of Angry Birds (TM) but that’s about it.
The combination of 2 Factor Authentication, appropriate “screen lock” times and appropriate behavior on my part has greatly increased the security for remote access to my network.
Common sense is still a necessity!
- I would NEVER allow my laptop AND cell phone to be left unattended together in the same place.
- I will leave my “lock screen” timers on both devices (laptop and cell phone) to a short interval.
- I do not store my cell phone with my laptop in its case when traveling.
- If I forget my cell phone, I am NOT going to be able to “remote in” to my network.
Adding the 2nd factor increases the difficulty involved in using a misplaced, lost or stolen device to hack into a network. Having not only 2 separate factors, but making certain they are provided 2 different ways is a great security measure. This is the major difference between 2 Factor and 2 Step Authentication.
It is estimated that 1 laptop is stolen every minute (over ½ a million laptops a year.) It would be bad enough to be part of that statistic, but much worse if that stolen laptop is used to hack your network!
Is it a requirement for your business?
- Do you accept credit cards for payment? 2FA for remote access is a requirement of PCI-DSS.
- Do you work with Protected Health Information? 2FA for remote access is a requirement of HIPAA/HITECH.
- Is your business a financial institution? You should definitely use 2FA for remote access to meet the FFIEC guidelines.
“It’s going to cost too much”:
Not really. When balancing the cost of instituting 2FA for your business against the potential damage caused if someone were to breech your network, you’ll come out ahead. As with anything else, there are different ways to make it happen. Speak with your IT Staff / 3rd Party Tech Support about installing 2FA for your network soon. Ask them for a bid; it shouldn’t cost you anything to get a price.
“Using 2-Factor Authentication is going to be a pain”:
Not really. All I need do is look at my phone and then type in the 6 digit code it is displaying then hit enter. When I weigh that minuscule amount of additional effort against the much higher level of protection I am providing for my network, using 2FA wins, no question at all.
Can I use it at home?
2FA is being offered by more on-line resources frequently. I currently use 2FA with 1 financial institution as well as one of the Social Media sites I use. For residential use, especially those who like to keep a “credential list” on their PC or Laptop, I encourage you to check with your on-line sites to see if they offer this level of security. The only thing that is going to change is that you will need your cell-phone at hand to get the SMS code to enter after the standard User Name and Password.
If your business or home is located in the Greater Phoenix, AZ area and you would like assistance in deploying 2FA for your network; please contact us at (480) 766-6188 or send a message through this site.