Many companies use cloud and SaaS services to process personal data or sensitive information such as payment data. However, the responsibility for the security of this data remains with the company – not the provider. Nevertheless, two-factor authentication, an additional layer of security for proving the identity of every employee, often goes unused.
With applications such as Microsoft 365, Adobe Creative Cloud or the remote maintenance solution TeamViewer, even the smallest companies have now arrived in the cloud. But the majority of companies have still not recognized the value of secure two-factor authentication. This is the conclusion of a recent study by the SANS Institute. Even after the pandemic-related home-office mandate, 27 percent of respondents in the “SANS 2021 Password Management and Two-Factor Authentication Methods Survey” still said they had not yet implemented multi- or two-factor authentication. The reasons: For 38 percent of respondents, 2FA and MFA make life too difficult for users, while 25 percent believe strong user authentication is too difficult to implement. A dangerous fallacy!
The important role that multi- or two-factor authentication plays for companies was demonstrated by Microsoft with explosive figures at the RSA Conference 2020. The cloud giant processes more than 30 billion log-ins from more than a billion users every day. Month after month, about 0.5 percent of user accounts are compromised (over 1.2 million in January 2020). However, the likelihood of unauthorized people gaining access to an account drops dramatically when strong user authentication is used: more than 99.9 percent of the compromised user accounts were not secured via MFA, according to Microsoft engineers.
“Not using multi-factor authentication today is almost gross negligence,” warns Alexander Siegelin, IT director at Kraftanlagen Group. In his company, about 1,600 employees regularly work with Microsoft products – more and more of them with Microsoft 365 and Microsoft Teams. When introducing two-factor authentication with time-based one-time passwords (TOTP), however, the Kraftanlagen Group did not rely on the Microsoft Authenticator smartphone app, but on a hardware solution, the REINER SCT Authenticator.
And how much has the double security via two-factor authentication made life more difficult for users? Not at all: “We hardly had any queries about its use,” reports Siegelin. Even employees who don’t work on the PC every day only needed a one-minute video on how to use the authenticator. The Kraftanlagen Group now also uses two-factor authentication to log on to the social intranet – and a single sign-on (SSO) via Azure Active Directory is already in the pipeline.
Both Microsoft 365 and Office 365 support multi-factor authentication for user accounts by default. Try it out: Setting it up via QR code is quick! Log in to office.com as usual and confirm the “More information” prompt with “Next”. In the first step of the setup, select the “mobile app” as the “authentication phone” and the option “Use verification code” as the login method before confirming with a click on “Setup”.
Now a QR code appears, which you scan either on the smartphone with Microsoft’s Authenticator app or with a hardware solution such as the REINER SCT Authenticator. Select “Got It” on the PC and confirm twice with “Next”. In the second step, enter the time-limited one-time password generated by the Authenticator to check your 2FA configuration. Finally, in the third step, enter a backup phone number such as your office number and confirm with “Next” and “Done”. From the next log-in on, you are signed in via secure two-factor authentication.
Rolling out and configuring multi-factor authentication for employees and, where necessary, home workers is the job of the company’s global administrator. In the Microsoft 365 Admin Center, he or she can deactivate the outdated per-user MFA setting and convert all accounts company-wide to modern authentication. Depending on the license, MFA policies can also be used to configure (risk-based) conditional access, for example to take account of the user’s group memberships or the IP location of the end device.
Just as with Microsoft 365 and Office 365, organizations and employees can use double security via two-factor authentication for a variety of other Internet services. Even securing the company’s own hardware – such as access to routers or NAS systems – is possible in this way. The following list provides a brief overview of the most important areas in which secure two-factor authentication with time-limited one-time passwords can be used:
The REINER SCT Authenticator offers companies the highest level of protection for all these services. In contrast to an authenticator app on a smartphone, the hardware-based TOTP generator does not require an Internet connection and therefore cannot be attacked online. The pocket-sized device stores the electronic keys for up to 60 user accounts and generates the one-time passwords required for logging in precisely every 30 seconds.
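To show what the authenticator actually computes every 30 seconds, and what the enrolment QR code from the setup steps above encodes, here is an added example (not code from the page or from REINER SCT) implementing RFC 6238 TOTP generation, the otpauth:// provisioning URI, and server-side verification with a one-step clock-skew window and replay rejection. The secret is the RFC 6238 test-vector key, used here as a constructed example; a real enrolment generates a fresh random secret per account.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# Constructed example: the RFC 6238 SHA-1 test-vector key, base32-encoded as an
# authenticator would receive it. Real deployments use a random secret per account.
EXAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def provisioning_uri(secret_b32, issuer, account, step=30, digits=6):
    """Build the otpauth:// URI that the enrolment QR code encodes (Key URI format)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


def totp(secret_b32, for_time, step=30, digits=6):
    """RFC 6238: HMAC-SHA1 over the 30-second counter, dynamically truncated to digits."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int(for_time) // step                      # same counter for a whole step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify(secret_b32, submitted, now, used_counters, step=30, digits=6, skew=1):
    """Server-side check: accept the current step or +/- `skew` steps of clock drift,
    but reject a counter that already produced a successful login (replay)."""
    submitted = submitted.strip().replace(" ", "")
    current = int(now) // step
    for counter in range(current - skew, current + skew + 1):
        expected = totp(secret_b32, counter * step, step, digits)
        if hmac.compare_digest(expected, submitted):      # constant-time compare
            if counter in used_counters:
                return False                              # code already used: replay
            used_counters.add(counter)
            return True
    return False


if __name__ == "__main__":
    print(provisioning_uri(EXAMPLE_SECRET_B32, "ExampleCorp", "alice@example.com"))
    now = time.time()
    code = totp(EXAMPLE_SECRET_B32, now)
    seen = set()
    print(code, verify(EXAMPLE_SECRET_B32, code, now, seen), verify(EXAMPLE_SECRET_B32, code, now, seen))
```

The second verify() call with the same code returns False, which is the property a login server needs so that a one-time password captured in transit cannot be reused within its 30-second window.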