Why two-factor authentication is worth the extra step

Stefan DeCosse

Stefan DeCosse

Vice President Information Security

Stefan joined Payworks in 2015 as a key member of the security team and has been instrumental in evolving our security practice, including the establishment of our Security Operations Centre from the ground up.
vice-président de la sécurité de l’information

Stefan a joint les rangs de Payworks en 2015 à titre de membre important de l’équipe responsable de la sécurité et joue un rôle clé dans l’élaboration des pratiques de sécurité, dont la création d’un centre d’opérations de la sécurité à partir de zéro.

While the term itself may not be familiar, you very likely already use two-factor authentication (2FA). Whether it’s a text code sent to your cell phone or a fingerprint scan while logging into your bank account online, 2FA requires two distinct pieces of authentication for access to a website or application. And while it may feel like unnecessary extra hassle, 2FA is evolving alongside and in response to the increasingly-sophisticated security threats that we each encounter in our digital world.

To better understand the real benefits of 2FA and why each of us should enable this feature on any site that houses confidential information, here are the unfiltered pros and cons of this cyber security best practice:

Taking that extra step

Con: It’s a bother. A pain in the you-know-what. It’s an annoying extra step that can sometimes feel like a burden. It’s 2020, and we all should be able to access what we need in an instant… right?

Pro: No matter how habitual it’s become, accessing confidential information should never be a mindless task. If the process required to obtain private information is relaxed, that means it’s that way for everyone – not just the authorized user.

Isn’t that what passwords are for?

Con: 2FA can be perceived as non-essential when the user has created a secure username and rock-solid password system.

Pro: If a computer or password was ever compromised for any reason, the malicious individuals wouldn’t have access to the second verification code and therefore wouldn’t be able to access the 2FA-protected account.

What’s the rush?

Con: Our number of to-dos never dwindles. Putting aside time to set up and learn how to use 2FA that wasn’t previously “needed” can feel like a task for the bottom of the list.

Pro: There’s been a global increase in phishing campaigns during the COVID-19 pandemic. These campaigns trick individuals into giving up their login credentials or inadvertently installing malware that steals them.

I don’t want to bother my employees with this

Con: Not knowing how to successfully implement and answer 2FA questions from employees with differentiating levels of technological experience and access to mobile devices can feel frustrating.

Pro: The good news is that many individuals are already using 2FA on their own personal accounts – they just might not know that’s what it is! Types of 2FA can include SMS (text message), authenticator app, biometric method (such as a fingerprint), a PIN or a fob, and many more. Pick the one that best suits your organization.

Yes, 2FA is an extra step, but it also provides an increasingly-necessary layer of additional protection for your company’s critical information. It isn’t supposed to be instant; in fact, it’s intended to make account access that much more difficult, even if it makes your fingertips drum and your eyes roll. While it makes account access a little bit more annoying for you, two-factor authentication (2FA) makes it more or less impossible for anyone who shouldn’t be in your account. And ultimately, your data is worth that extra protection. 

For more insights into information security best practices like this one, download a free copy of our Security Best Practices E-Book: https://www.payworks.ca/landing-pages/campaigns/security-best-practices-e-book

Seeing is believing!

Curious what better Canadian workforce management looks like in action (and how much time you could reclaim in your day-to-day)? Book a pressure-free, get-to-know you demo today.