Two-Factor Authentication: Why a Password Alone is a Security Risk


Written by: Ivan Pointer


Two-Factor Authentication

Passwords – they’re everywhere. Include a digit, a special character, a combiNatioN of loWEr and uPpeR case, a symbol. Don’t use your birthday or your pet’s name, or heaven forbid “password.”

If you’re like most people, you struggle to remember the long list of passwords for all your online accounts, making them secure from even, well, you. But what if a password, as long and convoluted as you make it, just isn’t enough? With hacking and cyber attacks getting more sophisticated each day, you need another layer of security, especially for your business accounts. That’s where Two-Factor Authentication comes in.

Two-Factor Authentication (or 2FA, as it’s commonly abbreviated) is a double-layered system of protection that makes your account less vulnerable to would-be thieves. 2FA combines the password or PIN you’re used to using with another way of verifying that you are who you say you are, and not a fraudster pretending to be you.

How Two-Factor Authentication Works

There are three common types of credentials you might use to access an account:

  • Something You Know – like a password or a PIN
  • Something You Have – such as a phone or an ID badge
  • Something You Are – your fingerprint, voiceprint or retinal scan

Two-Factor Authentication works by creating another test, beyond your password or PIN, to show that you’re the authorized user of the account. For example, you might sign into an account with your username and password, but then your account sends a text to your phone with a one-time password that expires within a few minutes. Or after you enter your knowledge credentials, you scan a company key fob or use a biometric scanner to verify your fingerprint.

No matter how complex and original you think your password is, there are many ways for a scammer to conquer it: using a computer-powered password generator, intercepting your login information over an unsecured network, finding your phone or other personal device, or even simply guessing. IT professionals and security analysts have long declared the password “dead” and have urged people to use multi-factor authentication to secure their accounts.

With two-factor authentication, a thief may be able to break through your password, but without the second layer of protection as well, the password will be useless to them.

A Worthwhile Hassle

If passwords already seem like enough of a hassle in our busy, modern lives, adding two-factor authentication may seem daunting. But in reality, most 2FA systems add a lot of security for relatively little extra work beyond a password. You’ll still have to remember your username and password (or use an app or system that remembers them for you), but the second layer doesn’t involve remembering anything. Most people carry their phone with them at all times, as well as their keys and/or wallet, so the second layer of authentication can be achieved relatively easily. If you use a biometric identifier, it’s even easier to accomplish. It’s unlikely you’d be logging into your account without your fingerprints.

Setting up a 2FA system doesn’t have to be a hassle either. Most website service accounts support 2FA, and all it requires is activating it in the settings. Sites like TwoFactorAuth can help you determine which services offer 2FA. Your IT professional should be able to set up 2FA for any critical business accounts that don’t already have it, or you can employ a vendor to provide multi-factor authentication for you, such as Symantec VIP or Vasco Identikey. More sophisticated 2FA systems, such as those that use biometrics, will require a more significant monetary investment and may take more time to set up.

With hacking, key logging, social engineering, and many more techniques that scammers use to steal your password, the reality is that using only a password is too risky for any business, considering what’s at stake for you and your clients if your data is stolen. If 2FA does create a small hassle every time you log in, it’s a hassle well worth the level of security it offers.

Ivan Pointer

Engineering Lead

Ivan is passionate about building great teams, great culture, and great software. Before CertifID, Ivan worked with companies like EDS, HP, NIC, and SailPoint, gaining experience in government, enterprise architecture, and security.