Two-factor authentication is a great idea. But not enough people use it

Hackers can easily use stolen usernames and passwords to carry out cyberattacks because many online accounts still don’t use two-factor authentication controls designed to protect them.

Two-Factor Authentication (2FA) – or Multi-Factor Authentication (MFA) as it is alternatively known – is one of the key methods that individual users and larger organizations can use to help protect their accounts against hacking, even if their login credentials have been leaked or stolen.

However, according to the DCMS 2022 Cybersecurity Breaches Survey, only around a third of organizations have a two-factor authentication requirement on user accounts – the figure rises to 37% for enterprises and 31% for charities.


This means that around two-thirds of organizations have no rules regarding two-factor authentication, so employees are unlikely to use it, leaving their user accounts vulnerable to cyberattacks and hacks.

Two-factor authentication creates an additional layer of protection, requiring users to use a text message, app, or hardware key to confirm that they are the one trying to log into their account. This can help prevent cybercriminals from logging into online accounts with hacked or stolen passwords.

But with so few users equipping accounts with two-factor authentication, cybercriminals could gain direct access to accounts if they have the login credentials, whether the username and password are stolen from the user using a phishing email, guessed because they are weak or taken from a previous data download.

Hacked accounts, especially those accessed using the Remote Desktop Protocol, can be used to steal additional information, or be used stealthily to move around the network and lay the groundwork for a malware or ransomware attack.

Two-factor authentication is more widely used in some industries than others. For example, DCMS data indicates that there are policies in place in about two-thirds of companies in the information and communications sector, while fewer than one in five companies in the food and hotel industry have rules about this.

Other industries where two-factor authentication is weak are utilities, production, and manufacturing, where only 28% of companies have policies in place. These critical industries are already a tempting target for cybercriminals – especially ransomware gangs – and the lack of additional account protections makes them even more vulnerable.

At a time when the government is urging organizations to beware of cybersecurity threats, more needs to be done to ensure two-factor authentication and other cybersecurity measures – such as timely security patching, the use of strong passwords and keeping anti-virus software up to date – are in place.

“It’s vital that every organization takes cybersecurity seriously, as more and more activities are happening online and we live in an age of increasing cyber risks,” said Cyber Minister Julia Lopez.

“No matter the size of your organization, you need to take steps to improve digital resilience now and follow free government advice to help us stay safe online.”

The National Cyber Security Center also offers advice for businesses and individual users on how to secure accounts and stay safe online.

