December 20, 2016

How Two-Factor Authentication Keeps Your Data Safe

By Chris Brunau

If you’re a security professional, then you know that passwords just aren’t enough to secure your accounts anymore. If you’re not a security professional, then here’s a friendly tip from Datto: passwords just aren’t enough to secure your accounts anymore. That’s why we’ve added two-factor authentication to the Datto Partner Portal.

Even though password-cracking technology has advanced to the point where even proper hashing provides less security than it once did, the risk that your own network is improperly secured isn’t the biggest issue. The bigger risk these days is that one of your employees uses the same identifying information and passwords at work as they do on less secure, outside systems such as forums or chat software. Once hackers compromise those password databases, it’s a very small jump indeed before they start coming for yours.

To wit, in 2016 alone, dozens of firms whose names you know as well as your own fell victim to password breaches, including Oracle, UC Berkeley, the IRS, Wendy’s, LinkedIn, and the US Department of Justice. The DOJ, incidentally, is home to the FBI, which according to its own website is the leading federal investigator of cyber crimes in America. So what can the rest of us do when even the Lord Commander of America’s cyber defenses can’t fully protect itself?

The answer is simple: diversify your defenses. Don’t trust that your data and your reputation are safe behind a single, breachable wall. Two-factor authentication (2FA) verifies who you are by using two of the three categories of identification:

  • what you know: passwords, PINs, and security questions

  • what you have: mobile devices, ID cards, and mobile devices with tokens

  • what you are: fingerprints, retinal patterns, face, and voice signatures

Datto uses the Authy API to provide 2FA if you choose to opt in. Authy uses a password and a token on your mobile device for authentication. Authy makes 2FA easy with a one-touch option. Simply open the app, tap “OneTouch,” tap “Approve,” and you’re in. If you’re concerned about the inconvenience of an extra step, you can assuage that anxiety by knowing that the loss of data, trust, reputation, and revenue that 2FA protects you from would come with a significantly larger bother.

According to Sergio Espinosa, a Datto Product Manager who worked on the Authy integration, Datto partners pushed for 2FA at DattoCon 2016. “They need it to meet auditing standards,” he said. “Passwords are relatively easy to crack. The addition of a mobile device token increases security.”

