Password Authentication: Two-Step vs. Two-Factor (aka Multi-Factor)

You would be surprised to learn how many people still use a password like shown above...or "Password" as their password.

There are many areas of focus when it comes to keeping your IT network safe and one of the weakest points has traditionally been employee laxity. When it comes to protecting the passwords your employees use when logging in, most people don’t take the precautions necessary to protect themselves…or YOUR business. Not long ago, simply occasionally changing your passwords was considered enough, but with hackers becoming more and more sophisticated, your means of protection needs to become more sophisticated, as well.

That said, most people do realize that that securely logging in is critical. They just don’t understand what it entails. If you already understand that simply changing passwords isn’t enough, you may be familiar with the terms “two-factor” and “two-step” authentication, which are both in wide use today. Many people assume these are two terms for the same functionality, but that is not the case. There are differences…somewhat subtle but also important.

The “two-step” process is still what we call a “single-factor” authentication in that you would have a single login password that you have likely memorized, but additionally, you would have to take an additional step. For example, you may be sent a one-time code via your smartphone. This is a common practice when changing passwords on a website that is used by the public. The single factor is your password; the two steps are entering your password, then entering the code you were sent.

By adding that extra step to the login process, two-step authentication does make logging in more secure than a single-step authentication (i.e. just the password). However, if a person or business is hacked, it will do only a little to stop hackers from getting a hold of whatever they are looking for.

To reach a higher level of security, the “two-factor” (AKA “multi-factor”) authentication process takes your security to a much higher level. This authentication process requires you to provide two different types of information, such as password or passcode plus a retinal scan or fingerprint. In this case, you are providing two entirely different types of information, requiring a much higher level of effort and skill on the part of a hacker.

Essentially, every two-factor process is also a two-step process, but the reverse is not true. Not every two-step process is a two-factor process. This important distinction can be the difference between keeping your company’s data safe or leaving a way in for skilled cyber criminals.

We believe that the best way to determine the process that fits your business needs is to ask for a complimentary IT assessment from your managed IT service provider, or take you analysis to an even higher level with a Strategic Technology Review.

DynaSis has been serving the needs of the small to mid-sized business community in Atlanta since 1992 with managed IT service, managed IT security, business cloud, and a host of other IT solutions.