- 2FA is a critical part of security for businesses of all sizes, helping them protect their data and access to their network, websites and more.
- Software tokens and push notifications are the two most popular types of 2FA employed in businesses and are easy to implement company-wide without much disruption to employees’ workflow.
- Most 2FA apps – even industry leaders like Google Authenticator and LastPass – are free to use.
Two-factor authentication (2FA) is essential for businesses of all sizes. It may surprise you to hear that smaller businesses are likely to be more vulnerable to devastating cyber-attacks. If you’re confused about 2FA, how it works, and why you need it, keep reading to find out more.
What is 2FA?
Two-factor authentication (2FA) is a type of multi-factor authentication designed to improve account security by requiring two different methods of identification (the “factors”) instead of a single password at login.
2FA was created to offer an additional layer of security, to make sure the person logging in to an account is who they claim to be. Passwords can easily be stolen or guessed, but with 2FA a password alone is not enough to gain access to a protected account.
2FA kicks in once the user has entered their standard username and/or password for the account in question. At this point, the account holder will be asked to provide further proof of identity in the form of something only they would have. For example:
- A token (hardware or software)
- A fingerprint or face scan
- A push notification sent to the user’s device (based on phone number or email)
Why your business needs two-factor authentication
It is a common misconception that only large businesses need to worry about hackers. However, small businesses, with their swathes of sensitive customer data and minimal security, are actually prime targets for cyber criminals. Relying solely on a single password to protect an account is a recipe for disaster. Weak to medium-strength passwords are easy to guess, and even strong passwords can be hacked. Introducing two-factor authentication will protect your sensitive data by stopping even the most sophisticated hackers.
Different types of 2FA
There are several types of 2FA, some of which are more secure than others. The key thing to note is that any two-factor authentication is better than none whatsoever. Accounts secured by a password alone are extremely likely to be hacked, sooner or later. Here are some examples of 2FA, with their advantages and disadvantages.
Hardware tokens
Hardware tokens are the original 2FA identification method. These tokens are small, simple devices that only the user would have access to, which generate single-use codes upon login. Card readers for bank accounts are a type of MFA hardware token. This method tends to be less secure, as it relies on the user having access to the token.
Software tokens
A software “token” is an automatically generated, one-time password (OTP) created by an app on the user’s device. This is an especially secure method of identification because the codes in question are usually only valid for a very short period of time, which makes them incredibly difficult to steal. Plus, the codes themselves are generated on the device, which adds an extra layer of security.
Biometrics
Biometric 2FA tokens are not widely used; however, they are considered to be the most secure. Examples of biometric 2FA methods are fingerprints, retina scans, facial recognition, and voice recognition. This type of 2FA is extremely secure as it is not based on information that can be easily guessed, intercepted, or stolen. It also has the advantage of being a quick and convenient method of identification. However, accounts covered by biometric 2FA are extremely difficult to recover, and the system can be expensive to set up.
Push notifications
Push notification verification is widely used. Rather than relying on a software token, this system sends a notification directly to the user’s registered number or email, asking them to approve or decline the login attempt. This type of 2FA only works with devices that are connected to the internet, which is a downside. On the whole, push notification 2FA is both secure and incredibly convenient for the user. It also has the advantage of making the user aware that someone is trying to log in to their account, giving them the opportunity to deny access and flag the breach.
The best two-factor authentication apps
Large corporations and organizations that deal with extremely sensitive data usually build custom 2FA systems. For small to medium-sized businesses, this is rarely necessary. Fortunately, there are several “out of the box” 2FA apps that you can easily download and use. Let’s take a look at our top five 2FA apps:
1. Authy
Authy is a great all-rounder 2FA app. In addition to being 100% free to end users, Authy automatically synchronizes to all devices and is not reliant on an internet connection. Unlike other apps of its kind, Authy includes free encrypted backups, which means a user can easily restore their account if their primary login details are lost. It generates TOTP codes on the login device, which regenerate every 30 seconds.
Authy had three price packages:
- Starter – Free
- Pay-as-you-go – $0.09 per authorization
- Enterprise – Pricing on request
Features:
- Encrypted backups
- Does not rely on internet connection
- Easy account restoration
- Accounts must be linked to a phone number
2. andOTP
This app is a little different in that it’s entirely free and open source. Despite being free, andOTP comes with some impressive security features. For instance, andOTP offers encrypted backup with a password set by the user. If these details are forgotten and account restoration is necessary, users can achieve this easily via the andOTP community. This app also includes tap-to-reveal passwords and a panic button which allows users to delete all sensitive information from the device. The major downside of andOTP is that it is only available on Android devices.
andOTP is entirely free to use.
Features:
- Panic button
- Supports TOTP and HOTP
- Encrypted backups
- Easy account restoration
3. Google Authenticator
Google Authenticator is the original two-factor authentication app. As it has been around for so long, nearly all websites that are compatible with 2FA apps will accept it. Like the other apps mentioned so far, Google Authenticator does not rely on an internet connection and will generate codes directly on a device. It is known for its reliability and can be easily linked to most accounts via a QR code. However, Google Authenticator is considered by some to be outdated, and is lacking functionality in key areas. It doesn’t allow syncing across multiple devices and can’t be linked to a Google account, which can make account recovery a challenge.
Google Authenticator is free to use.
Features:
- Widely compatible
- Supports TOTP
- Reliable
- Very easy to use
4. LastPass Authenticator
LastPass Authenticator scores highly for both functionality and reliability. This app supports verification via push notifications for Google, Amazon, Facebook, and Dropbox – which is not a feature currently offered by any other 2FA apps. Another unique feature is that you can extend or reduce the window of time for which codes remain valid. LastPass Authenticator supports TOTP and uses encrypted backups. This app is a particularly good choice if you use LastPass as a password manager.
LastPass Authenticator is free to use.
Features:
- Encrypted backups
- Easy account restoration
- Adjustable code validity
- Push notification verification
5. Microsoft Authenticator
Microsoft Authenticator is simple and highly functional. It generates codes on a device without an internet connection and supports TOTP. This app is unusual in that it supports password-free authentication via face recognition or fingerprints, when used with Microsoft apps like Office 365 or OneDrive. It also includes business-friendly features like authentication via a certificate instead of a single-use password.
Microsoft Authenticator is free to use.
Features:
- Password-free authentication with MS apps
- Certificate-based authentication
- Supports TOTP
- Not open source
Time To Up Your Security
2FA is more important now than ever before, as the shift to remote work has opened even more opportunities for cyber criminals. Data breaches, even small ones, can be catastrophic for large businesses. With this in mind, it is easy to imagine that a small business with limited resources may never recover from a successful cyber-attack. If your accounts currently rely on single-factor authentication, you should take steps to introduce 2FA as soon as possible.