Password hacks are fast becoming one of the most lethal threats to modern website security, with two-factor authentication rapidly becoming the go-to solution for those looking to deal with this unique area of assault.
What is Two Factor Authentication?
Two factor authentication is a simple check that, in addition to asking for your login password, also relies on another form of contact that you have in your possession. Once you enter your password, a second code is sent to this other contact (such as a phone or e-mail account), and you then enter that second code in order to gain access. The aim is, of course, to block even those who are able to obtain an account password.
A number of firms have already begun to implement two factor authentication, such as Google/Gmail, Facebook and Dropbox (as well as a few others). The technique is likely to become ubiquitous over the next year or two.
Why is Two Factor Authentication Necessary?
Why is two factor authentication needed? Simple: because the password screen remains one of the weakest security areas of any modern website. A recent study by website security firm Incapsula highlighted the full extent of the problem, showing that an astonishing 15 out of 16 users that visit a login page are actually intruders.
1,000 websites were surveyed over a 90-day period, during which over 1.4 million unauthenticated access attempts were made (20,376 authenticated logins were detected in the same time). What’s even more disturbing about this is that only 2.8% of the unauthenticated attempts were made by humans. Whilst another 1.8% came from legitimate sources (search engines, crawlers, RSS readers, etc.), a remarkable 94% of visitors to the login page were malicious bots.
Password Attacks
In a sense, the password attack is perhaps the most valuable form of assault for any hacker: it is one of the only ones that provides them with absolute and total access to the website. It gives them the ability to access confidential financial information on customers and the owners of the site. They would also be able to edit the website in any way they saw fit (which could be extremely damaging to any professional website) and would have the option of deleting the website entirely. With password access, the whole of the site falls under the control of the hacker.
It is hard to imagine future website security trends not being affected by two factor authentication. The more money is generated by the web as a whole, the more valuable password access will be to hackers, meaning the targeting of password screens (which is already quite substantial) is only likely to grow.
In Conclusion
In the modern day, it is simply not enough to have a strong password, as the adoption of two factor authentication by some of the internet’s biggest companies indicates. It’s time for smaller website owners to adapt their security processes in order to prevent unauthorized access. A two factor authentication system is ideal.
This article was written by Amanda Walters, an experienced freelance writer and regular contributor to Huffington Post. Follow her here: @Amanda_W84
Mark Stanislav says
Great to see coverage on two-factor authentication from the site. With Duo Mobile (Duo Security’s two-factor app) you can not only utilize the power of Duo’s own platform but also use any two-factor solution that supports the TOTP standard such as Facebook, Google, or Evernote.