What Should We Consider When Adding 2FA to Our Cloud Account Logins?
Compromised passwords are the major cause of cloud account data breaches. In 2019, 77% of cloud service breaches were caused by hacked passwords.
Stealing user passwords through malware or a spoofed login form has become the #1 purpose of phishing attacks. That puts securing passwords at the top of the priority list for any Ohio business that wants to avoid a costly account compromise.
What can happen when your cloud service accounts, like Microsoft 365, QuickBooks Online, or Salesforce, are compromised by an attacker? You can suffer from multiple attack types:
- Your email account can be used to send out phishing emails.
- A hacker could have access to your bank account information.
- Any stored credit cards could be compromised.
- Your list of usernames and passwords for that account could be stolen and sold.
- Ransomware could be injected into cloud storage.
- A hacker could quietly steal documents and emails for months or even years.
It’s important to put password best practices in place to urge users to create strong passwords that are difficult to hack. But this is only one step in the account security process. Cloud infrastructure also needs to be protected by two-factor authentication (2FA).
You could have the strongest passwords in the world and still have them compromised by a third-party breach. For example, so far in 2021, there have been several breaches that exposed the login credentials of millions of users. Some of these are:
- Facebook, Instagram, LinkedIn: 214 million user accounts were breached through a Chinese social media management company.
- Pixlr: This free online photo-editing site had 1.9 million user records breached.
- Microsoft Exchange Server: Initial reports were that 30,000 organizations had email account breaches, which has now risen to over 200,000.
So even the strongest passwords can become compromised and need protection. That’s why 2FA is a vital tool to use for securing your cloud logins.
Two-factor authentication can block 99.9% of fraudulent sign-in attempts, even if the hacker has the password.
Things to Consider When Enabling Two-Factor Authentication
Even though implementing 2FA is an easy decision when it comes to the security of your cloud accounts, you do need to consider a few things before putting it into place. This will help the transition go more smoothly for your company and your users.
Which Method Will You Use for Receiving the 2FA Code?
Two-factor authentication adds an additional step for users to log in. This is the input of a time-sensitive, unique code into the webform to complete the authentication process. How the user receives this code can differ.
Some will be more convenient than others, while some are more secure. You want to choose a balance between security and convenience.
The three methods you can choose from are:
- SMS/Text Message: This is the most convenient and most commonly used. The drawback is that it’s slightly less secure because SIM cards from mobile devices can be cloned.
- Authentication App: This is also a fairly common method, but it adds the steps of choosing which authentication app to use and having users install and set it up. It offers the middle level of security among the three methods.
- Security Key: A security key device that is plugged into a phone or PC is the most secure way to get the 2FA code. This is also the costliest method because you need to buy the key. It could also be less convenient if a user loses the key.
How Many Logins Need 2FA?
Most companies have more cloud accounts and online logins than they realize. A company with 50 or fewer employees averages 40 cloud apps, and a company with 51-100 employees averages 79 of them.
It’s important to have a strategy and not just start enacting 2FA before you know how many accounts are involved.
Go through all your accounts that require a login, including any used with Remote Desktop Protocol (RDP). You want to have a full count so you can ensure all are enabled together and none that could compromise your data are left behind.
Consider Implementing a Single Sign-on (SSO) Tool
Even if you had half of the cloud accounts of an average small business, that’s still a lot of disruption for employees if they must enter MFA codes into them all day.
You can streamline the process for your users and give yourself more control over the type of 2FA you use by implementing a single sign-on tool. An SSO tool gives you one portal where employees can sign in and complete 2FA for all of their logins. You also get more control over additional challenges you may want to add, such as including an additional security question if a login attempt is at night.
Get Help With a Fluid 2FA Strategy for More Secure Accounts
AhelioTech can help your Columbus area business implement 2FA and single sign-on to secure your cloud accounts without sacrificing employee productivity.
Contact us today for a free quote. Call 614-333-0000 or reach out online.