Two-factor authentication — or 2FA — is a security feature that has risen in popularity as the importance of enterprise cyber security continues to rapidly increase. Two-factor authentication has been a concept in security since as far back as the 1980s; it just became more feasible with improvements in technology.

In 2004, Bill Gates predicted that passwords would soon be obsolete as an unreliable and ineffective form of security, accurately predicting the implementation of multi-factor security. A single password can hardly protect an account, especially when it is also used as a password for other accounts, which is sadly true of most passwords — no matter how many trainings you put your employees through.

What factors can be used for Two-Factor Authentication?

There are various types of two-factor authentication. Each type requires something that only you know, have or are.

Something you know

  • Passwords, PINs and security questions only you would recognize.

Something you have

  • Trusted devices, most commonly your mobile phone. This could be accessed through a software token, where a code or several-digit number is sent to your mobile phone or other devices (for example, Apple ID requires an additional 6-digit code to be entered which is sent to a trusted device upon attempts to log in).

  • Hardware tokens, which can look like a keychain and will provide a code for your entry. To gain access, someone would need the password as well as the physical token.

Something you are

  • Biometric authentication, which could include a fingerprint or retina scan.

How secure is traditional Two-Factor Authentication?

According to a recent article, only 55% of employees use 2FA in the workplace. But beyond low adoption — and while traditional 2FA can add more security than static credentials — it still isn’t enough for the full protection of sensitive assets.

The problem with traditional 2FA is the authentication factors. Something you know can very easily be shared, or worse, written down for future reference and found by the wrong person. Something you have can be stolen or compromised. Even with 2FA in place, there is still a risk of attacks such as SIM-swapping, where a hacker convinces your phone service provider that they are you and need the SIM card access changed to their new phone, giving them full access to your information on their device.

Not to mention that if you lose your 2FA token, or if it is stolen, this could also result in a security breach, as the factor that was meant to represent only you is now allowing someone else to easily identify as you.

On top of all this, a security measure is only as valuable as its weakest link — or weakest passwords. Despite 2FA’s benefits, you might have heard a complaint (or two) about the authentication method. Maybe a coworker didn’t like the extra time they needed to spend logging in or setting up their security settings.

Additionally, people have begun to experience security fatigue as well as forgetfulness, which causes them to reuse passwords, ultimately weakening the security system. A recent article shows that 30% of all help desk calls and tickets consist of password resets, which adds up to around $675 per user or $225,000 per year.

The thing is, humans are simply resistant to change. Just like people don’t want to remember a different password for each site, people don’t want to learn or worry about a new process for logging in to organizational systems. This moaning and groaning on their part could cost big time on your part. An employee who doesn’t like a security system probably doesn’t understand it and thus is not being as careful as possible.

As usability expert Jared Spool said, “If it isn’t usable, it isn’t secure.”

As businesses transfer increasingly confidential information into cyber storage, cybercrime has increased. By 2021, it is predicted that the global cost of cybercrime will reach at least $6 trillion. As cybercrime grows, the protections against cyberattacks must also improve to protect consumer and corporate data.

You might have already been asked to use MFA or 2FA for work or other accounts to mitigate cybercrime. Maybe you even got ahead of the curve and used them purely for personal protection, but modern times call for modern security.

The solution to traditional 2FA — Passwordless Authentication

To protect against modern security threats, 2FA has evolved beyond the traditional methods that leave major gaps.

Passwordless 2FA eliminates authentication methods using static credentials — including passwords, codes and security questions — defending against the top vulnerabilities targeted by the 8 most common attack vectors and providing a safe way to secure your accounts.

By skipping something you know, which can easily be stolen by others, and only asking for something you have and something you are, passwordless 2FA makes it much more difficult for a bad actor to gain access to your information.

For instance, Trusona requires biometric authentication through your phone, making it so a hacker would have to steal both your device and your fingerprint or face ID to really get into your accounts, which is no easy feat.

The best part? Nothing to memorize and remember, and no password reset emails.

Passwordless authentication cuts down on login time as there is nothing to type out, and fewer hoops to jump through. Passwordless 2FA is easy to set up, but it’s also very simple to use — provided you’re logging into your own account. For those trying to impersonate a user, passwordless solutions create a big challenge for gaining access, which is what enterprises are looking for in their security measures.

Studies show over 250,000 credentials are stolen every week. Don’t become part of this statistic: start using passwordless authentication solutions to protect your workforce or consumers.

Upgrade your 2FA with Trusona

By 2022, Gartner predicts that “60% of large and global enterprises, and 90% of midsize enterprises will implement passwordless methods.” With this kind of growth, you should plan on passwordless authentication methods becoming part of your organization, if they haven’t already.

While 2FA has become a security necessity, perhaps the most practically safe option is passwordless 2FA. It reduces vulnerability and creates a much smoother user experience. With passwordless 2FA, security is simplified.

Throw in Trusona’s patented anti-replay technology that defends against session replay attacks and you have airtight, enterprise-wide security, whether you want security for users on the desktop, SSO, VPN or more.

Learn more about Trusona’s passwordless 2FA or see how easy the process is by trying it for yourself today.