As cyber attacks become more and more common, protecting your data is increasingly difficult. In fact, a study from Juniper Research found that by 2023, cyber criminals are expected to steal an estimated 33 billion records.

In light of the growing number of cyber attacks, many companies are turning to two-factor authentication (also commonly called 2FA or multifactor authentication) to enhance their cyber security.

While no cyber security method is foolproof, using two-factor authentication can add an extra layer of security to your online accounts. So how exactly does two-factor authentication work?

What is Two-factor Authentication?

While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, two-factor authentication is key.

Two factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate applications, networks and servers.

With two-factor authentication, it's not enough to just have your username and password. In order to log in to an online account, you'll need another "factor" to verify your identity. This additional login hurdle means that would-be cyber criminals won't easily unlock an account, even if they have the password in hand.

A more secure way to complete two-factor authentication is to use a time-based one-time password (TOTP). A TOTP is a temporary passcode that is generated by an algorithm (meaning it'll expire if you don't use it after a certain period of time). With this method, users download an authenticator app, such as those available through Google or Microsoft, onto a trusted device. Those apps will then generate a TOTP, which users will manually enter to complete login.

Why Two-factor Authentication and Password Management Is Important

As two-factor authentication becomes more popular, some states are considering requiring it for certain industries. It's possible that as cyber security concerns continue to grow and cyber attacks become more common, other states will follow suit.

Even if it's not legally required, ongoing password management can help prevent unauthorized attackers from compromising your organization's password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization's passwords.

Cyber Security Action Steps for Employers

Above all, employers will want to create a password policy that specifies all of the organization’s requirements related to password management.

This password policy should:

  • Encourage the use of passphrases, requiring the minimum length to be 16 characters, but allow for longer ones (length = strength, when it comes to passwords). These passphrases should not be easily guessable-do not use popular phrases, lines from speeches or literary quotes.
  • Require employees to change their passphrases on a regular basis, to avoid using the same passphrase for multiple accounts and to never share their passphrase(s).

The use of multi-factor authentication should be required to be used whenever available/possible. Employers should also provide and encourage the use of a password manager.

For additional cyber risk management guidance and insurance solutions, contact your North Risk Risk Advisor. Don’t have an advisor? No problem. We’ll help you find one.

This regulatory update is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice.