Is your data safe? The case for two-factor authentication

26 April, 2022
Data security

Is your data safe? What about that of your customers? In 2021, there were a record-breaking 1,862 data breaches - up 68% from 2020's total of 1,108, and higher than the previous record of 1,506 from 2017. 

We’ve all seen the messages from friends - “Please don’t respond to any of my messages, my account has been hacked.” Or worse, carried on a conversation with a “friend” who asked us for personal details to help them “fix” a similar problem, which turned out to be someone else. Never a good start to anyone’s day.

Every time a security method becomes standard practice - such as a ‘secure’ password - scammers will find clever ways around it. Working from home has exacerbated security issues, as most employees use home wifi networks with little or no additional security, presenting a much easier target for bad actors than the actively-managed security at workplaces. Luckily, mathematics has an almost unbeatable solution in the form of two-factor authentication, also known as “2FA”.

Yet, a recent cybersecurity survey by Techradar found that only 22 percent of companies have introduced 2FA since the pandemic began, despite it being the best line of defense against attacks that threaten both businesses and their customers.

Authentication 101

While most authentication methods rely on what are called knowledge factors, i.e. a traditional password, other authentication methods include a possession factor, a biometric / inherence factor, location factor or time factor - which in combination, create multi-factor authentication. This enhances security exponentially, making it much less likely there will be a breach and therefore keeping your data and that of your customers safe.

A knowledge factor is something that only you should know - whether it is a password that you enter, a PIN number, or the answer to a security question like “what is your mother’s maiden name” etc. Unfortunately there are a lot of successful attempts to gain such knowledge via social media these days, especially through seemingly innocent viral “challenges” that encourage people to overshare information that can aid hacking and phishing attacks, or brute-force guessing of passwords using special programs.

A possession factor is something only you should have, such as a security token, an ID card, a mobile device or user-specific code which can allow you to approve authentication requests. These typically work in combination with other methods; for example, if you are checking in physically, someone looking at your ID card will then look at you and see if your face - which is a biometric factor -  matches the photo. 

Time is also used for authentication, limiting security risks to a certain window during which an authentication method is valid, while location can be verified by GPS, mobile signal triangulation by the carrier, or an IP address when using the internet.

Leveraging 2FA for staff and customers

Customers may not fully appreciate the extra precautions you take to avoid putting them at risk - that’s why it is critical to make the verification process as seamless as possible. Entering personal data is already a friction point, which means that complicated or tedious procedures are likely to frustrate them further. 

Sending an SMS with a verification code, for example, is an easy way to make use of the above factors to ensure that a person entering and receiving data is exactly who they say they are - keeping everyone’s data in the right hands. For staff use, CINNOX provides 2FA for keeping your CINNOX account credentials safe, even if your password gets compromised. It also allows for third-party authentication - which will allow you and your fellow staff members to log in to the CINNOX service using an alternative method, such as your company network login credentials. This minimises the need for multiple passwords, while also enhancing security.

Want to send a one-time password to customers, for handling sensitive documents? CINNOX can easily handle this at scale. Contact us today about how you can use our powerful API’s to integrate with your existing system, or let us help you build a new streamlined workflow that will keep your system safe and inspire confidence that keeps your customers coming back!

 

Leave a Comment