What is 2 Factor Sign In? Should I be Using It?


June 03, 2019
Monica Gordon

How many times have you heard on the news of another company falling victim to a data breach? It seems like every week or so there is a successful attack on a major company. In fact, more than 4,000 cyberattacks occurred daily in 2016. That number has only continued to rise and does not appear to be slowing down anytime soon. A study from Cybersecurity Ventures found that in 2019 a business will undergo a ransomware attack every 14 seconds. This should raise your concern about the ever-growing need for cybersecurity.

But how?

Two-factor authentication is a sure-fire way to overcome hacking-related breaches. Today, 43% of cyberattacks target small businesses, so it is imperative to protect your data from attackers. With Duo’s two-factor authentication, users’ identities must first be verified before they gain access to their data. This can be done in three ways: with a push notification, with a phone call, or with a verification code sent to their smartphone, which prevents access on other devices or applications until the code is entered. However, not all two-factor solutions are equal. Vendors' offerings range from the bare minimum needed to satisfy compliance requirements upward, and they vary in deployment and maintenance costs. It is important to make sure that implementing two-factor sign in will not be a hindrance to your organization, but will add security and the peace of mind of knowing your data is protected from hackers.


Will this work for me?

Now that you know what two-factor sign in is, you need to assess which solution is right for your business. When deciding between vendors and their offerings, you should evaluate the following five areas:

1. Security Impact

2. Strategic Business Initiatives

3. Total Cost of Ownership

4. Time to Value

5. Required Resources

By doing so, you will ensure your solution is tailored to your business’s needs and goals while increasing your ROI.

Security Impact

The most critical aspect of Duo’s solution is reducing the risk of a data breach, meaning everything requiring a logon must be secure. This includes applications, networks, and data that can be accessed remotely. In addition to securing logons, your solution should allow you to set policies and controls, have the flexibility to keep up with company growth, and be able to detect compromised devices. Choose a solution that provides you with reports on authentication attempts, data on IP addresses, and more, so you can gain insight into potential attacks.


Strategic Business Initiatives 

Any new system requiring integration into your company should align with your business needs and goals. To ensure your solution will coordinate with today’s business initiatives as well as tomorrow’s, it should be scalable. As we are shifting to a more mobile world, how compatible will your authentication be with mobile devices? Check that your solution provides a mobile app that is accessible on all systems (iOS, Android, Windows Phone, and Blackberry). Then, make sure the app is user-friendly at every stage, from enrollment and daily authentication to solution management. Depending on the type of data you work with, such as personally identifiable data or customer payment data, your solution should meet the compliance regulation requirements and be able to provide up-to-date proof of compliance reports.

Total Cost of Ownership

It is important to assess the total cost associated with your new authentication system, including upfront, deployment, and ongoing charges. Otherwise, you might be caught paying dollar after dollar for hidden fees or unforeseen expenses. Check out your vendor’s purchasing model and ask yourself the following questions:

1. Am I paying per device, user, or integration?

2. Is the administrative software/hardware included?

3. Do I have to purchase dedicated end-user devices or servers?

4. Can I deploy this solution using my in-house resources?

5. How long will deployment take?

6. Does my vendor automatically update the software and how often?

7. Will my provider maintain my solution, or do I need to hire personnel?

8. Is support available or an extra cost?

Many traditional solutions have low upfront costs, with lots of hidden fees. The last thing you want is to fall victim to hidden fees while trying to protect your company from a data breach. 

Time to Value

We all know how valuable time is and the importance of not wasting it. When determining the right solution for your business, consider how long it will take to get the system up and running and your employees on-boarded and trained. Cloud-based services deploy faster because they don’t require hardware or software installation, whereas on-premise solutions take more time and resources to deploy. Additionally, choose a vendor that supplies drop-in integrations for major cloud apps, VPNs, Unix, and MS remote access points, as well as real-time reporting logs.


Required Resources

A solution requiring many additional resources may not be worth the time and cost to implement. To ensure your solution is adding value, decide which areas your vendor does not cover and you will need to fill in yourself, from integration and management to maintenance and monitoring. Your two-factor solution should support users and devices, require minimal ongoing maintenance and management, offer a centralized administrative dashboard, and be hassle-free. If you are spending more time and resources implementing and maintaining your solution than you are getting back in benefits from your two-factor authentication, you might want to investigate a new vendor.
