Recognizing the Password Problem: Two-Factor Authentication in the Spotlight

Okta
October 16, 2012

password lockVerification has been making the news lately. Earlier this month, Box announced that it was adding a two-step login verification, just weeks after Dropbox added two-step verification. And it was Wired journalist Mat Honan’s devastating personal identity hack in August that inspired my blog series on what it takes to build secure cloud services for the enterprise. Two-factor authentication for Honan’s Google account, after all, likely could have prevented the attack.

On Friday, the New York Times published “Doing the Two-Step, Beyond the A.T.M.” about the recent installation of two-factor authentication across companies like PayPal, Dropbox, and Google.

What’s at the root of this focus on verification? The password problem. We’ve talked about it again and again — weak passwords and the employees who use them are among the biggest threats to IT security.

In the Times story, Nick Berry, president of DataGenetics, discusses how he analyzed large password databases and after shifting through 30.3 million passwords, he found 3.4 million consisting of only four digits. Of these four-digit passwords, 11 percent were “1234,” whereas 6 percent were simply “1111.” Hacker’s don’t need a lot of creativity to get past those flimsy barriers.

Companies could certainly make it more difficult for hackers — and not just by strengthening employees’ passwords, but by using two-step verification. As Randall Stross points out, an ATM is the perfect example of two-step verification: it requires the presentation of both a physical card and a correct PIN. Websites can do something similar, like sending users a text message with a code after they input the first password. A would-be thief would need access to both a users’ password and phone to access the account.

We’ve always offered multifactor verification to keep our customers’ information as safe as possible. Now, Dropbox, Box, PayPal — and even Gmail — offer two-step verification options. There’s no taking chances in enterprise security.

Tags

box security Multi-Factor Authentication 2FA
Previous
Next

April 16, 2024

Extend your passwordless journey to device login

By Cynthia Luu
Okta Device Access now supports passwordless login and FIDO2 YubiKeys for Desktop MFA Despite all the talk of driving workers back into the office, most…

Read now

April 15, 2024

Simple and secure user experiences: The latest on Okta Customer Identity Solution

By Ruchita Shah
Customer expectations are higher than ever, including access to the applications they need from any device, wherever they are in the world. Businesses are…

Read now

April 15, 2024

Fine Grained Authorization and new Okta Privileged Access features: The latest in Okta product capabilities

By Harish Peri
Welcome back to Okta’s Quarterly Release Overview! We’re excited to showcase our Q1 innovations from January–March. Dive into the latest capabilities,…

Read now

April 15, 2024

Jumpstart Identity with automation

By Frederico Hakamine
If you’ve ever found yourself thinking “Why does this process take so long? Don’t we have computers for that?” Well, you’re probably right. The strain you’re…

Read now

April 12, 2024

SMB Identity buyer's checklist

By Frederico Hakamine
TL;DR: Identity touches every point of your business. Here’s a checklist of what you should be asking yourself when shopping for an Identity solution.   …

Read now