Want to avoid having your online accounts hacked?
Enable two-factor authentication (2FA), an increasingly important security measure that requires a second step when signing in. It strengthens access security to protect against phishing, social engineering, as well as password attacks. It prevents anyone but you from logging in, even if they know your password. Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked and you might never know that someone is accessing your account.
How does 2FA work?
2FA requires two forms of authentication that can come from any combination of at least two of the following factors:
“Something you know,” such as a password
“Something you are,” such as a fingerprint
“Something you have,” such as a smartphone that can receive a confirmation code
Generally, two-factor authentications today use the first factor, a password, and the last item, a smartphone. Most people today have some type of trusted smartphone or device that can send a unique code that is used along with a password to sign in. Services including Google and Microsoft will just send a push notification where you only have to tap your device to approve. Withdrawing cash from an ATM is an example of 2FA in regular life, as it requires your bank card as the “something you have”, along with your PIN, the “something you know”.
Other factors that are sometimes included are:
A location factor is usually enforced by limiting authentication attempts to chosen devices in a particular location. The geographic source of an authentication attempt can be tracked based on the source Internet Protocol address or Global Positioning System (GPS) data, derived from the user’s mobile phone or another device.
A time factor restricts user authentication to a specific time window in which logging on is permitted and denies access to the system outside of that window. A popular hybrid is Time-based One-Time Passwords (TOTP), where a unique numeric password is generated with an algorithm that uses the current time as an input. These time-based passwords are available offline and provide user-friendly, increased security when used as a second factor.
Authenticator apps
It’s a great idea to employ an authenticator app rather than receiving codes via text message. What if you’re travelling and can’t receive a text? Many people use the original, Google Authenticator, for authenticating logins into various websites and services. But it does have a downside since you have to set it up individually on every device you use. This isn’t a problem for those who only use a smartphone, but if you have a few more devices, that can get annoying.
At WW Works we use and suggest to clients, Duo Authentication for Windows Logon. We’ve found that it takes the headache out of securing both data and devices. Duo Authentication for Windows Logon adds Duo two-factor authentication to local or domain account logins,
logins at the local console and/or incoming Remote Desktop (RDP) connections, as well as Credentialed User Access Control (UAC) elevation requests.
We love that this Duo solution provides two-factor authentication to all interactive user Windows login attempts, whether via a local console or over RDP, unless an individual selects the “Only prompt for Duo authentication when logging in via RDP” option in the installer. If two-factor is enabled for both RDP and console logons, it may be bypassed by restarting Windows into Safe Mode (e.g. in case of a configuration error).
A new version of Duo Authentication for Windows Logon has added support for local trusted sessions, which reduces how often users must repeat their two-factor authentication. The “Remembered Devices” policy now includes a setting for Windows logon sessions, which when enabled offers users a “Remember me” checkbox during local console login.
Zero Trust
The modern workforce is more mobile than ever before, with users and devices connecting from anywhere and everywhere. With a Zero Trust security model, you can establish safety for your team and their devices through authentication and continuous monitoring of each access attempt. A quality 2FA, such as Duo Authentication for Windows Logon, is designed to safeguard all users, devices, and applications.
Thinking about 2FA Implementation for your organization?
There are a lot of solutions and considerations for implementing and enabling 2FA into your organization, and we’d be happy to have a quick chat to see what might be possible for you.
Contact WW Works to experience valuable IT solutions and Managed IT Services on a small-business budget. We proudly serve small- and medium-sized businesses in Toronto, Hamilton, Burlington, Oakville, Mississauga, and the Niagara Region.
Let us worry about IT.