02-28-13 | Blog Post

Two-Factor Authentication Helps Fight Unauthorized Access

Blog Posts

Access is a huge security concern for every company, no matter the industry. Thus, having an extra layer of technical security in place that employees must go through in order to access a company’s network can help reduce the risk of online fraud or unauthorized entry by an attacker.

Passwords alone aren’t secure enough. If they’re easy to remember, they’re easy to guess; and if they’re strong and difficult to guess, they’re difficult to recall (and what’s the point of having a password if it’s written on a post-it note attached to your monitor?). Two-Factor authentication (which can sometimes be called dual-factor) requires the user to have two of the three different types of authentication factors: either something a user knows (a password), something a user has (a mobile phone), or something a user is (fingerprint).

A common use of two factor authentication would be a user putting in a remembered password. Then, a request to authorize would be sent to the mobile phone associated with that specific username. Once the request is accepted, the user is able to get into the system.

Two-Factor Authentication

Not only is this appealing as a strong safety measure, if you store, transmit, or process credit card information, it is required in order to be PCI compliant. PCI requirement 8.3 states:

Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dial-in service (RADIUS) with tokens; or other technologies that facilitate two-factor authentication).

If outsourcing your PCI compliant hosting, ask your provider if they offer two-factor authentication, and what methods they have available to best suit your company. Also for more information you can check out our two-factor authentication FAQ.

More Reading:
PCI Compliance Breakdown: A Tale of Two Servers
Michigan Hosting Providers Offer Cost-Effective IT Security for SMBs
PCI Compliant Requirements & PCI Compliant Services Matrix

Overwhelmed by cloud chaos?
We’re cloud experts, so you don’t have to be.

© 2024 OTAVA® All Rights Reserved