Keeping passwords safe from hacking has long been a challenge for most users, even though it can be the heart of staying safe online. Individuals and businesses alike struggle to keep accounts safe, and poor password use is rampant despite knowing better. The Cost of Data Breach Study by IBM and Ponemon finds that the average global price tag for a data breach is $3.62 million. In the U.S., the damage is $7.35 million, with a $225 average cost for each record breached. Yet despite the hefty costs, data breaches continue to rise each year, with poor password usage as the single biggest threat. The good news is that using 2FA (2-Factor Authentication) and MFA (Multi-Factor Authentication) when logging-in to an account adds a layer (or more) to your online security.
According to the 2017 Verizon Data Breach Investigations Report, poor password behavior is the #1 cause of data theft, perpetrating 81% of hacking-related breaches. The report also finds that 70% of employees reuse passwords at work, creating a dangerous security situation for their organization. So, if passwords are the problem, how can we improve them?
Since that answer is not likely to come directly from users, layers of password protection are becoming an important part of logging-in. The gain in popularity of 2FA and MFA are becoming increasingly important, and just in time. The most common way of bolstering identification when logging-in to an account is 2FA. It sends a text message (SMS) to your smartphone after you supply your password. It also may involve entering a random code from a key fob, or even choosing answers from a list of security questions. Whatever it is, the codes or answers are needed before gaining access to your account. Although it’s not the most foolproof protection (a hacker could be spying on your texts, for example), at least it’s a step in the right direction. Setting up a pin code with your wireless provider adds another layer to 2FA texts and those who may be trying to hijack them.
The other major counterpart for authentication is MFA. Currently, it’s the costliest of the two options but it provides the most security layers for log-ins. It’s most needed for high-security logins like government and other high-risk jobs. Technopedia finds MFA uses three fool-proof levels of identification: 1. Physical security, such as an employee id card; 2. Knowledge based, such as a PIN or password; 3. Biometric security, using fingerprints, eye retina or voice acknowledgement. Not inexpensive, the level of data risk in a job requires MFA as opposed to 2FA.
Whatever the case, any time 2FA or MFA is offered for any account, activate it. It may seem inconvenient at times, but it’s a small task to complete for account security. Common sense dictates we should use any added layers of security available when logging-in, and organizations need to make those security levels available to their employees–it could very well be an investment in the future.