02-28-13 | Blog Post
Access is a huge security concern for every company, no matter the industry. Thus, having an extra layer of technical security in place that employees must go through in order to access a company’s network can help reduce the risk of online fraud or unauthorized entry by an attacker.
Passwords alone aren’t secure enough. If they’re easy to remember, they’re easy to guess; and if they’re strong and difficult to guess, they’re difficult to recall (and what’s the point of having a password if it’s written on a post-it note attached to your monitor?). Two-factor authentication (sometimes called dual-factor) requires the user to present two of the three different types of authentication factors: something a user knows (a password), something a user has (a mobile phone), or something a user is (a fingerprint).
A common use of two-factor authentication starts with the user entering a remembered password. Then, a request to authorize is sent to the mobile phone associated with that specific username. Once the request is accepted, the user is able to get into the system.
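The flow described above, sketched as an added Python example (not code from this post or from any particular product). The class and method names, the 60-second approval window, and the plain device identifier standing in for an authenticated response from the phone are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

CHALLENGE_TTL = 60  # assumed: seconds a push request stays valid

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoFactorLogin:
    """Password (something you know) plus approval from the enrolled phone (something you have)."""

    def __init__(self):
        self.users = {}    # username -> (salt, password hash, enrolled device id)
        self.pending = {}  # challenge id -> (username, device id, expiry time)

    def enroll(self, username, password, device_id):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt), device_id)

    def start_login(self, username, password, now=None):
        """Factor 1: returns a challenge id to push to the user's phone, or None."""
        now = time.time() if now is None else now
        # Unknown users get a dummy record so the same hashing work is done.
        salt, stored, device_id = self.users.get(username, (b"\0" * 16, b"", ""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None  # wrong password: no push request is ever sent
        challenge = secrets.token_urlsafe(16)
        self.pending[challenge] = (username, device_id, now + CHALLENGE_TTL)
        return challenge

    def approve(self, challenge, device_id, now=None):
        """Factor 2: returns the username to log in, or None."""
        now = time.time() if now is None else now
        entry = self.pending.pop(challenge, None)  # single use, even on failure
        if entry is None:
            return None
        username, enrolled, expiry = entry
        if now > expiry or not hmac.compare_digest(device_id.encode(), enrolled.encode()):
            return None  # expired, or approved from a phone that is not enrolled
        return username

if __name__ == "__main__":
    svc = TwoFactorLogin()
    svc.enroll("alice", "correct horse", "phone-A")  # constructed sample account
    c = svc.start_login("alice", "correct horse")
    print("password only:", svc.approve(c, "phone-B"))  # wrong device -> None
    c = svc.start_login("alice", "correct horse")
    print("both factors:", svc.approve(c, "phone-A"))   # -> alice
```

A correct password only opens a short-lived, single-use challenge; access is granted only when that challenge is approved from the phone enrolled for the same username.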
Two-factor authentication is not only appealing as a strong safety measure; if you store, transmit, or process credit card information, it is also required in order to be PCI compliant. PCI requirement 8.3 states:
Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dial-in service (RADIUS) with tokens; or other technologies that facilitate two-factor authentication).
If you outsource your PCI-compliant hosting, ask your provider whether they offer two-factor authentication and which methods they have available to best suit your company. For more information, you can also check out our two-factor authentication FAQ.