Why Two-Factor Authentication Matters
By Patrick Oliver Graf, General Manager, NCP engineering
At the end of last year, we spent some time discussing a few projected network security trends for 2013. While there was room for debate on some topics, most people agreed that there was a clear need for more secure authentication methods. In hindsight, it appears that the experts were correct, and the traditional combination of username and password is no longer a strong enough security barrier to ward off hackers with increasingly sophisticated tools. But this doesn't mean that there is one answer that solves every problem.
Two-factor authentication in particular has received heightened media attention in recent weeks. Many users on Twitter, one of the fastest-growing social networking platforms in the world, are clamoring for it in light of recent high-profile hacks. Most notably perhaps, the Associated Press (AP) handle was used to tweet (falsely) that President Obama was injured in a White House explosion. After the ruse was exposed, one glaring question emerged in the minds of security experts: could it have been prevented if Twitter used two-factor authentication?
In reality, two-factor authentication – a security process in which the user provides two means of identification – may not have prevented this attack. The Syrian Electronic Army, which claimed responsibility, reportedly obtained login credentials from a phishing email attack that prompted employees to enter their usernames and passwords. If this is true, Dan Kaplan of SC Magazine correctly points out that the perpetrators could have easily added another field for that second means of identification.
What we should learn from this is that there is no one magic technology that applies to every situation. However, robust security software combined with proper employee education on security best practices can help safeguard companies against most of today’s cyber threats.
The NCP Secure Enterprise Management software, for example, administers a one-time password that users receive via SMS. Each password is created by a random number generator within the NCP Advanced Authentication Connector and is automatically canceled after use. This eliminates the need to use third-party solutions and enables two-factor authentication with only a mobile phone or smartphone. Ultimately, this creates additional security hurdles that hackers must clear in order to obtain access to sensitive company content.