2FA for SMBs: Why you should implement two-factor authentication today

Next story
Two Form Authentication - 2FA

The cybersecurity marketplace offers a multitude of products designed to protect your IT systems from malware and other threats.

But your data needs safeguarding too, especially in light of recent regulatory measures. Regulations such as GDPR in the EU and the upcoming California Consumer Privacy Act are putting the spotlight on the topic of data protection. 

For SMBs, one of the strongest (and easiest) ways to secure data is improving the protection provided by passwords—that is, making what should be safe in theory truly secure.  You can do this by implementing two-factor authentication (2FA), which adds an extra layer of protection beyond just a username and password.

While 2FA solutions vary, normally an automatic SMS message or other application that generates access codes is used. Once the password has been entered, the system will request this code and, in some systems, an application (separate from the web browser) is used to enter the code.

In the case of ESET Secure Authentication, you have the option of using an app on your phone to generate a one-time access code. This is more secure than using SMS, because it's easy for malware to intercept SMS codes.  (However, if you prefer using SMS to receive your access code, you can set ESET Secure Authentication for that option.) 

  • Watch a demo of ESET Secure Authentication

Two-factor authentication, in conjunction with the traditional password system, is much more secure than simply using credentials alone. Many attacks that were made public in recent months (check Have I been Pwned?) could have been prevented if 2FA had been in place. Even if attackers had managed to infect a computer and steal a password, they wouldn’t have been able to access the account associated with it because they lacked the access code.

Criminals are seeking easy targets—which means a business that doesn’t bother to implement 2FA is much more likely to likely to be attacked than one that does.

Why a password is no longer enough

Continuing to use a single data item (password) as an authenticator for a system, while easy, isn’t secure. Even worse are poorly implemented security measures that drive up cost and complexity. For example, many business users who connect to a corporate network or who access their work email accounts remotely via VPN are still doing so by simply authenticating with a username and password. Unfortunately—and especially in the case of paid VPN access—all benefits may be nullified because of a weak or already compromised password.

Costs of implementing 2FA

Rather than thinking about the expense of implementing a 2FA solution, consider the potential cost of non-implementation.  With many employees logging into multiple platforms daily, verifying identities is of utmost importance for companies of all sizes. ESET Secure Authentication slashes the cost of acquisition since it works across iOS, Android and Windows mobile devices, and can be implemented in under 10 minutes.

ESET Secure Authentication covers safe access to VPNs, Office365, operating systems, email and more. It's designed as software-based but is also compatible with hard tokens.