Two-factor authentication (2FA for short) means requiring someone to go through two steps before logging into an online account. The first step is the usual ID and password. The second step is often receiving a temporary code by email or text. If you consider 2FA to be a hassle any time you want to log into your email or bank account, you belong to an exclusive club of millions. But good reasons exist for adding 2FA for software you use regularly in your job. Let’s list a quick five:
- 2FA provides an added sense of security. Though your chosen login ID and password may meet the definition of strong, a second step can strengthen your login further.
- Passwords alone don’t always cut it. This is a strong password: 2c78Q&uu2@cji2. Too bad nobody can remember a password like that. Instead, many of us create passwords like the name of our dog, a combination of our kids’ birthdays, or a combination of the dog’s and the kids’ birthdays. And then we use the same password for most of our online accounts. A second step, like a temporary code sent by text, somewhat makes amends for our tendency to use weak passwords.
- Hackers look for low-hanging fruit. Because lots of software does not employ two-factor authentication, persons and programs up to no good look for the easiest accounts to penetrate. Two-factor authentication makes an online account less appealing to them.
- Large organizations have many users. Many users can equate to more security gaps. When organizations have several administrative users for the same software, it can be hard to keep track of who should have access and at what level. Login information can end up in the wrong hands. Turnover can also be an issue if old credentials aren’t disabled. Two-factor authentication provides another level of protection.
- Protect personally identifiable information (PII). Many organizations have strict policies about what kind of PII can be collected online. Yet, those who have online access to someone else’s PII may still be using simple login credentials like their email address as their ID and “23456789” as their password. If your organization stresses the importance of keeping PII secure, 2FA is a must.