By DynaPass Inc. on March 11th, 2016
DynaPass Inc. is a provider of out-of-band two factor authentication online security solutions via a mobile phone.
Two Factor Authentication (2FA) has become an increasingly common tool over the last few years. As the number of cybercrimes continues to grow at an alarming rate, media attention to the topic has grown as well. For the most part, the press has treated cybercrime much the same way it treats everything else, with sensationalist, alarmist reporting that never really gets to the heart of the topic. Everywhere you look on the internet or even in physical media, articles advise us to opt in to 2FA whenever it’s available. The missing piece of advice is encouraging not just end users, but companies and organizations, to make 2FA available. When an individual uses 2FA, that is great, but it protects only a single set of data on a single site. When an enterprise implements a total 2FA integration, it not only offers this significantly stronger level of log-in authentication to every single one of its users, it also protects its finances, sensitive data, and reputation.
Recent years have seen a drastic increase in the use of compromised login credentials for everything from basic online purchase fraud to the largest of data breaches, and it’s only getting worse. According to the San Diego, California-based Identity Theft Resource Center, 2015 alone has seen the confirmed exposure of over 175 million data sets in the United States. Those 175 million are a bare minimum; any decent report will show that there are many more companies that experience data breaches but never release their numbers to the public.
While some of these data sets may not include login credentials, many of them do. And as any internet search will show, there are a multitude of studies that demonstrate how common it is for people to re-use their username and password combinations across multiple sites. Criminals have adapted to this landscape. The availability of so many credentials has turned online fraud into an amateur’s game. Almost anyone with a criminal inclination and a little bit of patience can get hold of these credentials and attempt to use them across any number of websites. By adding a modicum of technique, this can be done in a way that is extraordinarily difficult to detect and almost impossible to prevent. With this in mind, every single username and password combination of your user base can be seen as a potential fraud risk. DynaPass two-factor authentication puts up an immediate roadblock to this kind of threat. Even if criminals manage to find a set of working credentials, without the one-time-use password sent directly to the user’s phone, the credentials only serve to alert the user that there was an unauthorized access attempt. It’s good for individual users; it’s great for companies.
Beyond the benefits of utilizing two-factor authentication for customer logins, 2FA used in a company’s IT infrastructure can provide protection for all its data and, based on recent history, potentially prevent devastating data breaches. According to studies such as Verizon’s 2015 Data Breach Investigation Report, compromised credentials have become the most commonly exploited point of attack in data breaches. Anthem, eBay, the US Office of Personnel Management, JP Morgan: all of these major breaches involved stolen user credentials. JP Morgan was missing 2FA on a single server, which the criminals managed to exploit and leverage into high-level access to the rest of their system. With two-factor authentication, those stolen credentials would have dead-ended as soon as they came to the passwords sent to the legitimate users’ mobile phones.
Both sales fraud and data breaches are potentially devastating to your bottom line. While the losses from fraud are fairly straightforward, financial losses from data breaches are more complicated to quantify. The 2015 Cost of Data Breach Study (United States) from IBM and the Ponemon Institute puts the average cost of each record stolen in a data breach at $217, while other studies such as the 2015 Cyber Claims Study by Net Diligence calculate that number to be as high as $964 per record. Is your cyber security up to the task?