Two-factor authentication (2FA) has been in use for some time. 2FA technology has been employed by seven of the 10 largest social networking sites, including Facebook, Twitter and LinkedIn, as their authentication measure of choice. Passwords are intrinsically and fatally flawed, but 2FA can provide a simple solution to keep sensitive corporate information secure regardless of where it is accessed. Using 2FA can help lower the number of cases of identity theft on the Internet, along with phishing via email, as the criminal would need more than just the user's name and password.
Businesses are becoming increasingly concerned with the amount of personal and company data that is available to government authorities. And with good cause: unbeknown to many business leaders and employees, it is possible for government organisations to access business data not only without having to ask permission from anyone in the company, but without anyone even finding out about it. © 2014 Elsevier Ltd.
Computer Fraud and Security
Data security issues and security breaches within businesses are now a regular occurrence. Every day it seems that we are hearing about a new cyber-attack or security flaw and just recently it was announced by CEBR and Veracode that cyber-attacks are costing British businesses £34bn a year.1 © 2015 Elsevier Ltd.
Although technology never stops evolving, sometimes it takes its time. Often for good reasons: new operating systems need to be assessed for compatibility before being rolled out across an organisation, and numerous technologies have been vigorously touted as the Next Big Thing. Virtualisation has been held back by connectivity limitations. And the cloud has suffered from the same drawbacks - the omnipresent connectivity that was promised and has yet to materialise. Computer security must always tread the fine line between efficacy and usability, but regular two-factor authentication (2FA) using physical tokens crosses this line. Users need to remember their token, while technical services departments are charged with the job of maintaining and administering each token. This is the overwhelming reason why 2FA has failed to catch on. However, new ways of implementing 2FA have been developed - the most popular being passcode delivery directly to each user's own mobile phone via SMS. Although computer security measures need to constantly adapt to each new threat, Andy Kemshall of SecurEnvoy argues that tokenless 2FA represents a new way forward for organisations that are looking for the added layer of security offered by 2FA in 2011. © 2011 Elsevier Ltd.
News Article | December 9, 2014
The password, once highly acclaimed as a security precaution, can no longer provide what it once promised. As technology constantly evolves, cyber-criminals also refine their tactics. Simple password protection is facing increasingly sophisticated threats, and can be rapidly bypassed, especially if users continue to use simple passwords in order to make them easy to remember. Users often have trouble with basic password-protected access, for example because they can no longer remember the relevant password or even the email address that was registered. It is therefore not possible to send a new password, which results in “non-active members”. Or users simply have to remember too many passwords, which results in the next danger arising: the use of passwords that are too simple. As highlighted in various studies, users often use “password”, “123456” or other such sequences of characters that are easy to crack.
Hacked in less than ten seconds
Brute-force attacks can, for example, crack a 6-digit password in about seven seconds. Many users also make the cyber-gangsters’ work even easier as they use the same password for multiple accounts, or never change it. But there is an easy way to make user access more secure without needing to banish the password completely.
Double protection without the need for a token
The use of a combination of factors enables more secure user identification, as is the case with two-factor authentication. This permits access only after the entry of a combination of two factors. In the case of the authentication technology provided by SecurEnvoy, the first factor is something that the user knows (e.g. username and password for access to the company’s computer) and the second factor is something that the user possesses. The SecurEnvoy solutions are especially convenient as they use a tokenless approach, i.e. mobile phones are used for this second factor rather than dedicated tokens.
The user receives a passcode via SMS, email, soft token app or in the form of a QR code, and this can then be entered together with the user’s login details to prove the user’s identity. Network access is thus afforded a dual layer of protection.