What Is Two-Factor Authentication

Two-factor authentication (also called 2FA or dual-factor authentication) makes a login more secure by adding another step, stage or factor to the process. This makes it far less likely that an account can be compromised, or accessed, by someone other than the owner or intended user. It can be used to protect logins such as Hosted Desktop, email accounts or document servers.

Using only a password is single-factor authentication (SFA). This is vulnerable to phishing attempts, brute force attacks or social engineering. It could also be compromised by something as simple as login details being left on a desk and being stolen by a contractor visiting an office! One step, and they are in.

Fortunately, it’s quick and easy to implement two-factor authentication.

The logging in process

So, how would the logging in process differ between one-factor and two-factor authentication?

One-step authentication
1) User enters username and password on login screen (first factor)
2) If details are correct, they are granted access into service / app / Hosted Desktop

Two-step authentication
1) User enters username and password on login screen (first factor)
2) User is prompted to enter, or action, their second-factor authentication method
3) If both the first and second factor details and actions are correct, they are granted access into the service / app / Hosted Desktop.

What can I use as my two-factor authentication method?

Two-factor authentication requires a user to provide two of the below to prove who they are and gain access to the online account.  Typically, most services require you to have a username and password as the first-factor (knowledge).

(Knowledge) Something you know – password / PIN / security questions and answers
(Possession) Something you have – smartphone / USB hardware token
(Inherence) Something you are – biometric / fingerprint / retina scan

To have true 2FA, the two items can’t come from the same factor. For instance, using a password and a PIN wouldn’t be considered 2FA as they both belong to the ‘knowledge’ factor.

A less common method is location-based 2FA, where you can only log in from a certain location or IP address. There is also time-based 2FA, where you can only log in during a specific time window. Used together, location- and time-based 2FA would be a formidable deterrent to anyone wanting to gain access to your account. However, the use of multi-factor authentication (MFA) (more than 2) is typically only seen in high-security workplaces or those handling particularly sensitive information. Limiting logins to a time window and location would be impractical and excessive for the majority of individuals and ‘normal’ businesses.


What are the advantages and disadvantages of each?

The most widely used method of 2FA is authentication via a PIN code sent by SMS. You will likely be familiar with this if you have online banking. This method is commonly used as the vast majority of the population own a mobile phone, or have access to one. However, codes sent this way can be intercepted through SIM cloning, although this is uncommon. Finally, it can’t be used where there is no mobile network signal.

Hardware tokens are typically in the form of a USB dongle that displays a set of numbers on a small LCD screen. These numbers, when prompted, will be entered as the second factor of authentication. While being quite secure, the method does suffer from a number of disadvantages. The cost per dongle is fairly high, and with a large team, it can quickly become very expensive. This is especially true if users break or lose them! Also, it can become difficult to manage and distribute them if not all staff are based in the same office. On the plus side, the one-time code is generated by the device, which hugely reduces the possibility of interception. It also doesn’t need a network connection to operate.
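The two-step login described earlier, with a token code as the second factor, can be sketched as follows. This is an added example, not Cloud2Me's or any vendor's code: it assumes the token uses the standard HOTP/TOTP algorithms (RFC 4226 / RFC 6238), which the article does not specify, and the `login` function and `USER` record are hypothetical. It shows why the token needs no network: both sides derive the code from a shared secret and the current time.

```python
import hashlib, hmac, struct, time

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code from a shared secret and a counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, int(now) // step)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(user: dict, password: str, code: str, now: float, drift: int = 1) -> bool:
    """Two-step login: knowledge factor first, then possession factor."""
    # Step 1: password, compared in constant time against the stored hash.
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return False
    # Step 2: code shown on the token; allow +/- `drift` steps of clock skew.
    for skew in range(-drift, drift + 1):
        counter = int(now) // 30 + skew
        if counter <= user["last_counter"]:
            continue                             # reject replay of a used code
        if hmac.compare_digest(hotp(user["token_secret"], counter), code):
            user["last_counter"] = counter
            return True
    return False

# Constructed sample account; the token secret is the RFC 6238 test key.
SALT = b"constructed-salt"
USER = {"salt": SALT, "pw_hash": hash_password("correct horse", SALT),
        "token_secret": b"12345678901234567890", "last_counter": -1}

if __name__ == "__main__":
    t = time.time()
    shown = totp(USER["token_secret"], t)
    print("token shows:", shown)
    print("login ok:", login(USER, "correct horse", shown, t))
```

A correct password with a wrong or already-used code is rejected, which is the property that stops a stolen password from being enough on its own.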

Push notification via an app is another 2FA method. It is generally considered more secure than SMS, which can be susceptible to SIM card cloning. This is because it is much harder to clone the trusted relationship between the user’s smartphone and the 2FA provider’s application (such as Duo). 79% of the UK population own a smartphone, so it is incredibly easy to use and can be rolled out to small or large organisations. Some applications offer a super simple interface of a tick or cross illustration on the smartphone screen to authenticate or deny a login.

What about biometric authentication?

The least common, but emerging, method of authentication is biometric, although as the technology progresses and is refined, we expect to see this method be more widely used. This could be via fingerprint, retina scans, or facial recognition. This method is very convenient for the user; however, facial recognition can be difficult on some devices due to low light levels, and a cut on a finger can cause errors. Worryingly, there have been reports that some users have had their facial recognition factor bypassed by people holding up photos of the user’s face to the camera!


What is the most secure method?

Microsoft recently announced that using two-factor authentication blocks 99.9% of automated account attacks, with their cloud services seeing 300 million fraudulent sign-in attempts every day. This, surely, is indisputable evidence that using two-factor authentication is essential for any business, regardless of what method you choose.

But what method is best for your business? This is a difficult question to answer, and really depends on the type of organisation that you are wishing to implement 2FA at. What method would be easiest for your staff to accept and use on a daily basis?  

At Cloud2Me, we recommend, and indeed use for our customers, push notification authentication via an app. We use a third-party partner called ‘Duo’, whose modern access security is designed to safeguard all users, devices, and applications.

This is considered more secure than the common SMS authentication which could be intercepted by SIM card cloning. It’s much harder to clone the trusted relationship between the user’s smartphone and the 2FA provider’s application (such as Duo).  With the prevalence of smartphones and smart devices, app push notification is a quick and easy method for the vast majority of users to accept and implement.  To see just how quick and easy it is to use, visit their site.

For more information on two-factor authentication, or how we can make your Hosted Desktop service more secure, contact us via info@cloud2me.co.uk or by calling us on 01737 304210.
