I am happy to announce that AssuranceMD has implemented of another layer of security to your hosted applications with us known as Two Factor Authentication (2FA). You may not realize it but you are probably already using 2FA in the physical world (i.e., when a credit card company or bank asks you to verify yourself by providing additional information). I believe a further understanding is warranted of what 2FA is and why it is a good Idea to incorporate into your mission critical on-line environment.
In short, 2FA adds a second layer of authentication to your users log-in. A single factor authentication is when you enter a username and password. 2FA requires users to have two out of three credentials before accessing their log-in. The three credentials are usually:
- Something you know (i.e., password, PIN or pattern)
- Something you have (i.e., ATM card, cell phone or fob)
- Something you are (i.e., finger print, voice recognition or retina scan)
2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
We believe the most effective security solution is one your users actually use. Our 2FA solution only requires users to carry their smartphone with the necessary app installed. Logging in via push notification is the fastest and easiest way to utilize this technology. Using push notification or SMS passcodes sent directly to your phone as the second factor authentication, can protect against what is commonly known as man-in-the-middle attacks. While not totally impervious to hackers, 2FA does require hackers to acquire the physical component of the login or gain access to cookies or tokens placed on devices by the authentication mechanism. The challenge here is it will add an extra step to the user log-in process that could be a minor inconvenience for some and major pain for others.
Ensuring a higher level of security sometimes requires patience and a willingness to spend a little extra time. In the instance of adding push technology, the extra time translates to just a few seconds.
Our goal is to institute security measures that best provide peace of mind and protect your data. If you have any questions surrounding 2FA, please contact us.