Is two-step authentication the only way?

With all the recent hacking scares all over the world, you know and understand that your cyber security and your business’s cyber security are extremely important. However, when it comes to authentication processes, you may not be sure what the real deal is. There are two seemingly similar types of authentication that are often confused. Those are, of course, two-step and two-factor authentication. Find out more about the differences between the two here to ensure your cyber security will always be top of the line.

If you are seeking out a way to improve your business’s cyber security, both for your business itself as well as for your customers, you are likely looking at your authentication process. Two-step and two-factor authentication are two of the most commonly used options in cyber security. And in current cyber security, many businesses use the terms two-step and two-factor authentication interchangeably.

There are, however, subtle differences between the two. A two-step authentication process requires a single-factor login (such as a memorized password or biometric reading) as well as another of the same type of login that is essentially sent to the user. For example, you may have a memorized password for your first step and then receive a one-time-use code on your cell phone as the second step.

Two-step authentication does function to add an extra step in the authentication process, making it more secure than a single-step authentication (i.e. just the password). However, if a person or business is hacked, it will do only a little to stop hackers from getting a hold of whatever they are looking for.

On the other hand, there is two-factor authentication (sometimes referred to as multi-factor authentication), which is significantly more secure. This type of authentication requires two different types of information to authenticate. For example, it could be a combination of a fingerprint or retinal scan as well as a password or passcode. Because the types of information are different, it would require a hacker a great deal more effort to obtain both forms of authentication.

In essence, every two-factor authentication is a two-step authentication process, but the opposite is not true. With this information in mind, you can be certain that you are using the right type of authentication in your business to keep your business and customer information as secure as possible.

Your network needs the best security technology has to offer. What type of authentication that results in is just one of hundreds of choices that must be made to achieve that end. To take the stress out of securing and protecting your network, call us today for all the help you could ever ask for.

Published with permission from TechAdvisory.org. Source.

Google boosts security with physical keys

IT Support to Bio-Medical, Engineering & Manufacturing

If your business is lacking adequate security protection, the doors are wide open to an attack from outside. To make things worse, security threats are constantly evolving and developing, rendering them more difficult to keep up with. At least Google is on your side – its recent introduction of physical Security Keys for Drive for Work users means an extra layer of safeguarding for the cloud-based data files you rely on to power your organization.

Google already offers security precautions like two-step authentication, which provides additional protection by requiring you to enter not only your password but also a one-time code received by SMS or similar. This is a crucial weapon in the fight against hackers, since weak usernames and passwords are still be the primary reason for accounts being breached. Security Keys now take things one step further, strengthening your Google Drive account’s coat of armor to an even greater extent.

The Security Key is a physical USB device that is plugged into your computer, and which sends an encrypted signature, instead of a password or other code, to verify your identity and permit you access to your Google account. Crucially, Security Keys are inexpensive – starting from around $6 per unit – and require no additional software for deployment, use or management. Administrators have the ability to track when and where each key is used, as well as being able to disable them if lost and issue backup codes to allow staff uninterrupted access even if they do misplace their key.

Simplifying the login process is also a key part of what Google has tried to achieve with Security Keys. To that end, the first time you use your key to access your Google account on a particular computer, you can opt for Google to remember that device. On subsequent occasions you can quickly sign in using only your password, and without requiring either your key or a two-step authentication code. You can still sign in using your key on other machines, and if a hacker tries to access your account without your key they will also be prompted for a two-step verification code (which, unless they have access to your cell phone, they shouldn’t be able to provide).

Security Keys aren’t an entirely perfect solution, though – there are some significant limitations to the technology. For one, you can’t use them on mobile devices, since they require a USB port to work, and they only allow you to access your Google account through the Chrome browser. Windows, Mac OS, ChromeOS and Linux operating systems are all supported, but if you’re working from your phone or on a browser other than Chrome then you’ll need to continue using two-step authentication. Google says you can mix and match different methods of verification, opting to use Security Keys where they are supported and two-step verification otherwise (or if you don’t have your key with you).

What’s more, only Google Drive currently supports Security Keys – it’s not yet possible to use them with Google Apps, for example. But, while the technology is primarily targeted at Google Drive for Work users, it’s possible to link a single key to multiple accounts, meaning you can use it to access both your work and personal Google accounts. Some users have also queried how much of a safeguard the technology really provides in the absence of an additional PIN code or fingerprint authentication being required for activation, suggesting that a stolen Security Key could be used to access a computer that a user has previously asked Google to remember. But Security Keys do appear to offer at least some additional protection, which will be of comfort to businesses handling sensitive data.

Give us a call to find out how to employ Security Keys and other technology solutions to bolster your protection against network intrusion and data breaches.

Published with permission from TechAdvisory.org. Source.