BLOG

THE SUBSTANTIAL ACCESS SECURITY BENEFITS OF 2FA

/ / Shield Information Blog

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan. PINs, one-time authentication codes, and voice recognition are also commonly used.

With the added security safeguard, 2FA makes it harder for attackers to gain access to a person's devices or online accounts because, even if the victim's password is hacked, a password alone is not enough to access the system.

When setting up 2FA for your business, you need to consider which accounts need to be included, the system requirements you'll need, and which authent-ication factors will work best for your business. Those factors, listed in approximate descending order of how often they are used, include:

Knowledge Factor This is something the user knows, such as a password, a personal identification number (PIN) or some other type of shared secret.

Possession Factor This is something the user has, such as an ID card, a security token, a cellphone, a mobile device or a smartphone app, to approve authentication requests.

Biometric Factor requires something uniquely specific to the user's physical self. These may be personal attributes mapped from physical characteristics, such as fingerprints authenticated through a fingerprint reader. Other bio-metric factors include facial and voice recognition or behavioral biometrics, such as keystroke dynamics, gait or speech patterns.

Location Factor is sensitive to the location from which an authentication attempt is being made. This can be enforced by limiting authentication attempts to specific devices in a particular location or by tracking the geographic source of an authentication attempt based on the source Internet Protocol address or some other geolocation information, such as Global Positioning System (GPS) data, derived from the user's mobile phone or other device.

Time Factor restricts user authentication to a specific time window for logging on and restricts access to the system outside of that window.

The vast majority of two-factor authentication methods rely on the first three authentication factors, but organizations that need a greater level of security can “upgrade” to multifactor authentication (MFA), which can then set up their system(s) to require on two or more authentication factors.

At the very bare minimum, make sure you are 2FA protecting:

  • Your domain and website, especially your DNS entries
  • All access to your email services
  • Administrator-level access to your corporate network

Duo Push, by Cisco, is an easy-to-use two-factor authentication method for mobile devices. The app 'pushes' an authentication request to the device for the user to approve. It is similar to how social media and news apps push notifications to a mobile device. To view a basic product overview, click here.


Shield Information Solutions provides client-focused “all-in-one” managed IT management services to organizations in diverse industries in the lower Hudson Valley and Bergen County area. Our experience, expertise, and proactive approach help ensure several substantial benefits, including: more predictable monthly IT costs; proactive monitoring and maintenance; regular software updates; optimal return on IT investment; and minimal downtime. If you’re looking for an IT partner with a backup plan that fully protects your business while lowering your monthly costs, please call Lee Sentell at 845-613-0600 or visit www.shieldinformation.com.

TOP