Two Factor Tuesday: The Beginning of an Important Conversation About Online Security
Last Tuesday, October 6th, 2015 was designated as Two Factor Tuesday by the National Cyber Security Alliance. When compared to National Donut Day (June 3rd) or Take Our Sons and Daughters to Work Day (April 28th), Two Factor Tuesday is less than glamorous, but so very worthy of being noted, if not celebrated.
The purpose of the day was to raise awareness of strategies and solutions that provide an extra layer of security for our online interactions from how we access our bank accounts online to how we login to our work environments. As the FBI pointed out in their cyber tip bulletin last week “using TFA [two factor authentication] does not mean you don’t have to take extra care with your password” but it does provide an additional layer of protection for our on-line personal and business information.
I’m pleased that we have a day dedicated to talking about two factor authentication, but I’d like to see the topic of conversation broadened to discuss ‘higher orders’ of authentication – solutions that up the level of security without burdening users with complexity. Frankly, in the U.S. we’re behind the curve in using authentication solutions in much the same way as we’ve lagged in the adoption of more secure credit card solutions. And while lagging behind certainly isn’t a good thing for our online safety and security this isn’t a good thing, per se, it should allow us the opportunity to move ahead to adopt the best in class solutions rather than just accept the norm.
The issue with traditional TFA solutions is that they are still vulnerable to compromise; tokens are lost or stolen far too often and when combined with weak passwords, they provide no better protection for privileged information and trade secrets. Integrating mobile-phone platforms to provide out-of-band authentication is one of those small, but significant, steps that improve the standards of security without adding complexity to the process for the end user.
At the Two Factor Tuesday event, hosted at Google’s Washington, D.C. headquarters, the message was clear that companies need to start integrating authentication solutions now. The challenge now is to overcome the resistance to changes in login procedures that are so often cited as the reason that multi-factor authentication solutions are not deployed. I’m proud that my team at Authomate and I are part of the movement that will provide consumers, enterprises, and government agencies with the technology to accomplish the goal of building stronger authentication tools, for a more secure online world.