Access control through two-Factor Authentication
Access Maintaining data security has become more of a challenge, it is tough to anticipate attacks and prevent all the loopholes in software’s providing security. Verizon in their 2013 Data Breach Investigation Report stated that “Almost 80 percent of the attacks could have been prevented by using something other than single-factor username-password.”

Two –factor authentication (2FA) when applied is one the best ways to secure your accounts online. It is basically a system that implements multiple factors for a verification process. This authentication stems from the principle of “Something the user knows” this could be a username, phone number, password or a personal question and “Something the user has” this would include a one-time passcode, key generator or a smart card. The verification process is similar to the process you would experience at an airport ticket counter. Your ticket when presented at the security acts as your identification and your photo id like the state-id or a passport through your photo would verify that it is you.

Two-way authentication is a method of overcoming the problems associated with the single authentication process, when used efficiently it provides the following benefits. * Improved security: Since this authentication process is a 2 fold approach it ensures that even if a user’s password is compromised the hacker will be denied access until they provide the correct second element. * Reduction in data theft: Unauthorized access to system through phishing, network snooping, hashing the password, brute force attack can be mitigated. * Increased Flexibility: This authentication process can be used by companies to assure data protection by allowing its employee to work remotely * Compliance : 2FA falls in line with the compliance requirements of HIPPA,PCI and Data protection act

There are numerous mechanisms which many companies are implementing 2FA through, some of them are smart-cards one time password tokens, out of band authentication, phone based authentication, authentication verification sent via text. The points to consider while implementing a 2FA in any organization are * Understanding the corporate environment: It is essential to understand the business of the organization, get an idea about the technology the company uses on a day to day basis and what kind of IT security is already in place. * Find the audience you need to cater to: Identify whether the 2FA is needed for internal employees, external employees or for employee who access the systems via VPN. * * Implement in stages: If no target audience or scope is presented start implementation of 2FA in phases. Initially use it only to protect critical business information and then move on to the other sections. * Take Cost and complexity into consideration: Implementing 2FA is a complex and expensive procedure and it is best to identify the number of employees, number of offices and support available.

Some of the best know companies such as Google, Apple, Facebook, Twitter, Dropbox, Evernote, Paypal, Microsoft, Amazon and Linkedin have 2FA in place.

Even with all the security that 2FA offers it’s not an easy task to implement; Internet giants like Google a company that uses the best form of security has had trouble in the initial phases of adding a 2 way authentication. There are a couple of challenges while implementing this authorization method- Legacy systems and software need to be reworked upon extensively to implement 2FA. Usually companies do not use just one type of technology or system from one vendor so putting in a 2FA framework which is compatible across all the software’s is tedious and time consuming. Once implemented some of the companies require their employees to carry some form of tokens for verification purposes. These tokens can be easy misplaced and this adds to the overhead cost of implementing the authorization system.

2FA is not a full-proof method to combat against attacks and it isn’t the easiest to implement but, it is currently the only practicable means of protecting the user from identity theft. It is mandatory for companies to realize that conventional means of using just a static password and username can no longer provide adequate safety more sophisticated means are required to keep threat at bay and protect themselves from business and financial disruptions.

References: 1. Two-factor authentication option, use-cases and best practices,(January27,2014), ComputerWeekly.com, Retrieved from http://bitpipe.computerweekly.com/detail/RES/1389707740_280.html 2. Russell. Kay. "Authentication." Computerworld 34.13 (2000): 77. ProQuest. Web. 2 Feb. 2014. 3. White paper: Two factor authentication, (2005), Identrica, Retrieved from http://www.identrica.com/WhitePapers/Why2FA.pdf 4. Kemshall.A, Underwood.P, (July,2007) “Options for two factor authorization” Retrieved from http://www.securenvoy.com/whitepapers/white_paper_two_factor_authentication.pdf 5. Understanding two factor authentication, (2013), Conjungo, Retrieved from http://www.conjungo.com/technology/two-factor-authentication/benefits-of-two-factor-authentication