In 2004, Bill Gates predicted that the death of the password was imminent. Yet, a decade later, passwords remain the primary means by which users authenticate themselves to computer systems - this despite a rampant number of password breaches that have opened users to the possibility of fraud.
Old habits die hard, apparently. Gates was spot on when he said that users do a poor job of protecting their password - and that human flaw is ever accentuated in today's era of mobility. As more corporate-owned resources are accessed by smartphones, tablets and other user-owned devices, data is at risk.
The 2014 Trustwave Global Security Report found that weak passwords continue to be a blind spot, opening the door to 31 percent of intrusions we investigated. Compromise is much easier for an attacker if all they need to steal is a username and password.
As such, organizations must turn to additional authentication solutions to strengthen their security posture, particularly in time when easy-to-crack passwords are still such a critical problem. Two-factor authentication is an easy and effective way to add an additional layer of security - and many companies understand that.
So why isn't everyone doing it? Well, there are a large number of organizations that are frustrated with their current hardware-based authentication solution, which can be cumbersome for administrators and users alike. But two-factor authentication doesn't have to be complicated, and it provides much better protection than simply using passwords.
Michael Osterman, principal analyst at Osterman Research, told me recently: "Two-factor authentication provides substantially greater protection than simply using usernames and passwords. A cloud-based, managed two-factor authentication capability can provide the additional protection that an organization requires without imposing more difficulties on end users or IT."
Here's what you need to know about two-factor authentication:
It's all about something you know and something you have:
Two-factor authentication uses a two-step process to authenticate a user. A user typically employs a username and password as one 'factor' of authentication and then they will use a unique code sent via text, for example, as the second factor.
It's not complicated:
Today, cloud-based, managed two-factor authentication can be quickly and easily deployed across an organization to help secure networks and applications, protect users, and address data protection compliance mandates.
Two-factor authentication offers an easy way to strengthen security outside and inside:
Historically the largest deployments of two-factor authentication have been on external VPN connections and on vendor and third-party portals. However, we are now beginning to see more organizations deploy two-factor authentication inside their organizations on specific target applications because it's an easy way to shore up protection on internal, high-priority applications.
John Randall is a senior product manager at Trustwave.