We just launched two-factor authentication (2FA) for Cognito Forms, which makes this the perfect time to discuss why you should be using this extra security measure – both on our platform and everywhere else it’s available.
What is two-factor authentication?
Two-factor authentication is a system that uses a randomized login code, in addition to your password, when accessing an app, website or other online account.
Why use two-factor authentication?
According to a 2019 Microsoft study, two-factor authentication can block 99.9% of attacks. And they should know. Microsoft defends itself against 300 million fraudulent sign-in attempts to their cloud services every day.
In fact, according to this article by Microsoft Security and Protection Team member Alex Weinert, two-factor authentication provides security that far exceeds even the best, longest and most well-kept passwords.
How does two-factor authentication work?
Before you can gain access to an account protected by two-factor authentication, you have to not only provide your account password, but also enter a unique six-digit code. This code changes continually, can be used only once, and can be sent to you via email or SMS, or accessed through an authenticator app.
In the event that an unauthorized user gains access to your password, this extra step will prevent them from accessing your account, forms and data.
The foundations of multi-factor authentication
Multi-factor authentication can take many shapes and utilize a variety of factors to help confirm that users are who they say they are. These factors generally fall into three categories:
Something you know
- A password
- A PIN
Something you have
- A mobile phone (to receive a text)
- An authenticator app
Something you are
- Your fingerprint
- Your face (such as Apple’s Face ID)
Two-factor authentication requires you to utilize two of these factors, usually from different categories.
Choosing an authenticator app
Authenticator apps work by generating unique six-digit passcodes that refresh every 30 seconds. Users enter that code, in addition to a password, into an app or website to gain access.
You pair the app or website you want to secure with the authenticator (usually by scanning a QR code), then enter the codes it generates whenever you are prompted for one.
Some of the top authenticator apps include Google Authenticator, Microsoft Authenticator, LastPass Authenticator, Duo Mobile and Twilio Authy.
Cognito Forms two-factor authentication
Our two-factor authentication feature enables users to secure their personal accounts and protect their associated organizations. It also enables organization administrators to monitor 2FA compliance across their organization.
Enterprise plan administrators can require all users in an organization to enable two-factor authentication on their accounts. The system then automatically enforces 2FA across the organization, barring access to any user who does not have the feature enabled on their account.
This makes it easy for administrators to ensure their organizations comply with corporate regulations.
Two-factor authentication around the globe
As the EU continues making strides in cybersecurity, such as enacting its 2018 GDPR provisions, it’s also requiring 2FA on most online transactions.
The revised Payment Services Directive (PSD2) requires strong customer authentication to be used when processing most online transactions in the EU. This strong customer authentication requirement can be satisfied by using two-factor authentication.
Banks throughout the European Economic Area are now using forms of multi-factor authentication to make e-commerce more secure.
The practice is also rapidly being adopted among major online retailers, social media platforms and apps. You’re probably already using it to help secure an account you have with Google, Facebook or Amazon. And it’s likely available to help secure your local bank account’s online access as well.
Wherever you find 2FA available, you’ll want to enable it and use it.
Reasons not to use 2FA
Honestly, there aren’t any reasons not to use two-factor authentication wherever it’s available.
Sure, it requires you to take one extra step when you’re logging into your account. But, that’s an extremely small inconvenience. And it becomes even smaller when compared to all the extra work you’d have to put into restoring one of your accounts if it ever got hacked.