Contact
Site: US UK AU |
Nexcess Blog

The Complete Guide to Two-Factor Authentication

May 3, 2018 0 Comments RSS Feed

Two-factor authenticationThere is a hacking attempt once every 39 seconds. Between 2017 and 2021, these attempts are expected to cause over $1 trillion in cybersecurity costs. Yet despite the high cost to businesses and organizations, one of the most common reasons for these hacking attempts succeeding is insufficient security procedures (see: the dropped drive hack).

Simple changes to company procedures can lead to huge cybersecurity benefits, reducing the chance of your organization being hacked. One of the simplest ways to begin this process if by adopting two-factor authentication.

Here, we’ll explain what two-factor authentication is, why you should be using it, and how it has been implemented by Nexcess.

What Is Two-Factor Authentication?

An authentication factor is something you exchange in order to verify your identity. For example, a keycard or a password. Online, this has traditionally been done via inputting a password. However, if your authentication factor (password) is stolen, what’s to stop thieves from immediately accessing your account?

Two-factor authentication (2FA) is where another, second, layer of protection is installed. With this extra authentication factor in place, even if your password does fall into the wrong hands, you’ll still be able to rest knowing your account hasn’t become vulnerable to attack. Two-factor authentication adds an extra level of information needed to log in.

There are three primary methods for adopting two-factor authentication:

  •      Through the use of a secondary password
  •      Through the use of a secondary device such as an authenticator app
  •      Through the use of biometrics or voice print

Each of these has different levels of effectiveness, which is something we’ll return to later.

How Common Is Two-Factor Authentication?

Asking this question is like asking “How much do I value my security?”

With modern cybersecurity, two-factor authentication has become the standard. Why? Because one-factor authentication is easily targeted and broken. Two-factor authentication has become so common there is even a website dedicated to naming and shaming those who haven’t adopted it.

One of the best examples of two-factor authentication might be when you bank online. In order to log in, you’re asked for a username and password. You are then usually required to provide additional information before gaining access to your account. This may be in the form of a small device, or an authenticator app on your mobile.

Other two-factor authentication examples include when you log in to Facebook, PayPal, your Gmail account, and many others. There is a reason it’s been adopted so widely, and that’s because it’s effective.

How Effective Is Two-Factor Authentication?

The effectiveness of two-factor authentication varies depending on which of the above authentication methods you adopt, their internal security, and to what degree you need backup access to the resource you’re trying to protect.

Assuming your authenticator is 100% internally secure, and you don’t need backup access, then the strongest two-factor authentication (2FA) method is through the use of biometrics. However, implementation of this doesn’t just mean using the fingerprint scanner on your phone. True biometric two-factor authentication is expensive to adopt and does not offer backup access routes in the event your original fails.

On the other hand, use of two-factor authentication with a secondary password falls victim to the same issues single-factor authentication has. No matter how strong your password is, if it’s stolen you’ve instantly lost account security. By using a secondary password, there are just two passwords instead of one.

For most people looking to adopt two-factor authentication, using a mobile device with an authenticator app is the best option. It provides the best balance between flexibility and security. Authenticator apps also provide the best “bang for your buck” when it comes to keeping online security costs down.

Authenticator App two-factor

Nexcess 2FA

Nexcess supports two-factor authentication through the use of an authenticator app on your mobile. 2FA can be used to provide you with a second layer of security for accessing your Client Portal. Note, 2FA does not apply to your SSH or application login (Magento, WordPress, etc.).

Which Authenticator App Should I Use?

With Nexcess, you can choose whichever authenticator app you prefer. However, authenticator apps were not created equal. While you’ll probably be able to find an authenticator relatively easily, deciding as to whether it will actually protect you isn’t as simple.

One of the most popular authenticator apps is Google Authenticator. Available for both Android and Apple, Google Authenticator works by setting time-sensitive passcodes on your mobile, which you must then copy to access the Client Portal. It’s a reliable app with good security and an intuitive interface, making it one of the top 2FA choices.

A popular alternative is Duo Mobile, which works in a similar way. A passcode generated on your mobile is used as 2FA for your online Client Portal. Duo Mobile isn’t quite as intuitive, but the security team behind the app is arguably better than the one for Google Authenticator. Recommended for those looking for the best 2FA they can get.

The final authenticator app we recommend is Authenticator Plus. This is a paid app, but it allows you to install it on multiple devices. The advantage of this being that it provides you with multiple 2FA devices and easy to adopt backups.

Whichever authenticator app you decide on, you can set it up easily through the Nexcess Client Portal.

 

What if I Lose My Mobile?

If you lose your phone, you can still gain access to your account with a set of backup codes. These can be downloaded when you set up your 2FA account and stored either physically on a piece of paper or securely in your cloud storage.

These backup codes are only valid for single use. Once you have used them you will have to generate a new set of backup codes in the event you lose access to your account again.

Also note that you can contact our support team for assistance in the case this doesn’t work.

How to Disable Two-Factor Authentication

If you decide 2FA isn’t for you, then it can easily be disabled by heading to the Client Portal and turning it off. We do not recommend this as it can lead to compromised security.

Any other questions? Let us know.

Posted in: Nexcess