Reduce Login Breaches by 99% with Two-Factor Authentication

  • 2FA prevents 99% of unauthorised login attempts—without it, your password is far less secure.

  • Attackers need more than just stolen credentials—they must also access your phone or authentication device.

  • If your organisation hasn’t enabled 2FA, you’re exposing it to significant risk.

Thanks to Mark Setchell, serial CTO and founder of SimpleBits (details shared with permission), for suggesting a follow-up on how breaches actually happen, focusing on two-factor authentication (2FA).

Most people have now experienced logging in by receiving a code via SMS or email, or from an app such as Microsoft Authenticator or Google Authenticator. This is known as 2FA.

The basic idea is that you combine something you know (e.g., a password) with something you have (e.g., your phone) to make it much harder for someone to gain unauthorised access to your account.

2FA is extremely effective at preventing login compromises like the phishing scenario described in the earlier piece on how breaches actually happen. Once an organisation enables 2FA, malicious actors can no longer break into an account with just a username and password. In most cases, they would also need access to the information on your phone.

Google, Microsoft, and other sources agree that 99% of hacked logins can be avoided with 2FA. Other security threats, such as data breaches and fraud, are also reported to decrease by 70–90%, depending on the source. There are some interesting references on Perplexity here.

With 2FA, even if someone knows your password, they still can't log in to your account (not that I’m suggesting you share your password!). They would also need access to your phone.

While it is theoretically possible (and does happen) for attackers to bypass 2FA, it becomes infeasible except for the highest-value targets—not for mass, automated attacks like phishing.

If your organisation has not yet implemented two-factor authentication, the case for introducing it is extremely compelling.

Andrew Walker
Technology consulting for charities
https://www.linkedin.com/in/andrew-walker-the-impatient-futurist/
