Now is not the time to get complacent with your passwords.

Digital criminals have ramped up their skills and schemes within the last year to take advantage of the pandemic remote transition. Small businesses have had to strengthen their cybersecurity software to protect themselves, but their biggest threat is human error. If your employees aren't cautious with their password protocol, you're still vulnerable to cyberattacks.

 We've discussed password best practices in the past, including using strong, non-sequenced passwords and password managers. But, there's another step that tends to be skipped for the sake of convenience – two-factor authentication (2FA.)

We understand the additional verification can make signing into your accounts a little cumbersome. But it's worth a few extra minutes to ensure that your valuable data is protected. Let's take a closer look:

How Does 2FA Work?

Two-factor authentication is triggered whenever you log into an account on a new browser. For example, say you have 2FA enabled on your Microsoft Outlook account. If you're logging onto your email on a friend's phone for the first time, Outlook would ask you to verify your identity with a secondary piece of information.

 There are three common themes of information that a 2FA can request from you:

• Something You Know: This includes passwords, PINs or additional chosen security codes.
• Something You Are: This includes biometrics like fingerprints and face scans.
• Something You Have: This includes smartphones or other devices where websites can send confirmation codes or messages. 

As for the 2FA process, different applications and websites use different styles.

 By now, you've most likely experienced some 2FA methods like receiving SMS codes or opening devices with your fingerprint. But 2FA can also be achieved through:

• Email Verification: Your account sends an email with either a code to copy or a link for you to click to confirm your identity.
• Phone Call Verification: Your account calls your phone to give you a code to enter to confirm your identity.
• 2FA Software: 2FA software includes websites or applications that help verify the safety of the websites or devices you're using, along with often saving passwords securely. Their ultimate goal is to add extra layers of protection to your 2FA methods and cybersecurity.
• 2FA Hardware: Whereas 2FA software lives on your devices, 2FA hardware is a physical key or USB-style object. These are plugged into your devices to verify and sign in to your most important accounts. 2FA hardware pieces have been referred to as the most secure method to protect your devices. 

Where Can I Use 2FA?

Chances are, on just about everything that you'd like to protect. 2FA's popularity has grown exponentially in the last decade, and now almost every major website has the option to enable it. All the major players you most likely used every day – Microsoft Outlook, Amazon, Facebook, Dropbox – have 2FA settings for your protection. 

Generally, 2FA can be turned on through your account settings on your chosen platform. But luckily, PC Mag created a comprehensive guide on how to enable 2FA on all of your favorite websites. Check it out for a step-by-step walkthrough.

Is 2FA Necessary? 

Yes! Now more than ever. 

With so many companies switching to digital and remote operations in 2020, digital criminals have ramped up. Crowdstrike reported that there were more cyberattacks in the first six months of 2020 than in all of 2019. This means that hackers have strengthened their skills to find new and improved ways of accessing your company's valuable data. And now, your password isn't enough to keep them out.   

Here's a troubling statistic – 23 million people have reported that they still use the password "123456." That would be like if everyone in the state of Florida used the same password.   

This password is common and easy to guess by cyberhackers. And the more people become negligent about using strong passwords, the easier it will be for digital criminals to crack them.

By adding in 2FA for all of your company's accounts (and your personal accounts, too!), you're lessening the likelihood of cyber hackers accessing your information. If they're not scared off by the 2FA request, they most likely won't be able to provide the correct code, key or biometric to move forward.  

And we're not the only ones who think it's essential. Duo reported that 2FA usage jumped from 28% in 2017 to 53% in 2019. We expect to see that number continue to grow!

 Is 2FA Foolproof? 

 Unfortunately, no – but that doesn't mean you should skip it.

As we've discussed before, no single cybersecurity method is infallible. There have been reports of cyber hackers running phishing schemes so detailed that they even fool accounts with 2FA enabled.

A typical scenario for this might look like getting an email that your account has been compromised, prompting you to log in. If you enter your credentials through their malware-laden page, cyber hackers now have access to everything you've typed – including a 2FA verification code.

You can avoid situations like this with comprehensive cybersecurity plans – ones that don't depend on a single strategy. For example, say your employee came across an email like this. With proper cybersecurity training, they would be able to recognize it as fraudulent and steer clear. 

While 2FA may not be 100% foolproof, a 2019 Microsoft study reported that it's 99.9% effective against hacks. That means it's still a strong (and often free!) defense against cyberattacks and we recommend that everyone use it to protect their devices.

2FA and Beyond

As we said, 2FA is best when used within a larger cybersecurity plan. If you're having trouble creating an online defense for your company, we can help. Contact Ascend today to chat with our team about small business cybersecurity and online safety.