Importance of enabling 2FA

2 Factor Authentication is arguably one of the most, if not most important security feature that organizations should push for. Long gone were the days that strong passwords alone can do the job. I have seen countless cases of employees’ devices and server resources being compromised due to the lack of 2 factor authentication.

Why 2FA you may think. Think of 2FA as having 2 locks, one is what you know and the other is what you have. More often than not, the “what-you-know” could be stolen via many methods, including but not limited to: malware infection, phishing, Man-In-The-Middle, stolen and brute forcing. All these are potential ways that your highly sensitive passwords could be misused by malicious individuals to gain access to your online accounts. By having an additional lock of “what-you-have”, malicious individuals would not be able to so easily gain access to your accounts. Even if somebody steals or guesses your password, or you have reused a password from another website or service and that service has been breached, you can rest assured that the hacker would still not be able to get into your account. The following diagram depicts the scenario:

Turning on 2FA is especially important for highly sensitive accounts such as Google Accounts, which is tied to many external services via OAuth. This essentially means single point of failure; an attacker gaining access to a Google Account would be able to access all of the services tied to it, such as Google Drive, Gmail, Trello, Slack and others.

There are various ways to implement 2FA, the most popular and commonly seen ones would be the sending of a token to one’s handphone. Other methods include usage of Google Authenticator (available on both Android and iOS) and also a physical key.

References:

Nicole Kobie (2017, March 27). Why Two-Factor Authentication Is So Important. Retrieved October, 25 2017 from https://www.teenvogue.com/story/why-two-factor-authentication-is-important