Fortune Magazine reported recently that over 55% of computer users aren’t familiar with two-factor authentication (also known as 2FA or MFA, multi-factor authentication). In a survey of more than 450 educated computer users across the country, Duo Security found that “most people don’t understand the importance of 2FA in helping prevent unauthorized access.” These findings are startling given the frequency of large-scale data breaches that are impacting major U.S. companies, such as the recent leaks at Equifax and Tarte Cosmetics. It is now more important than ever that people understand and implement their own security controls, and 2FA is one of the key ways to do that.
What is 2FA?
2FA is a way to protect your online accounts and data. The term refers to using at least two “factors” to authenticate, or verify, your identity during a login attempt. The first factor is something you know, such as a password. The second factor is something you have, such as a code delivered to you via email or SMS or generated in an app (e.g. Google Authenticator), a physical device (e.g. a YubiKey), or even a fingerprint.
The reason why 2FA is an important tool to keep your accounts and data secure is that most people reuse passwords or do not have strong enough passwords. So the second factor makes it much more difficult for an unauthorized person to remotely access your account. If you apply 2FA to an account, even if an attacker has your password or is able to crack it, they will not be able to access your account or data without that second factor. For most people, the second factor is accessed via their phone.
Even if you are unfamiliar with the term, you may have already used 2FA. When accessing your bank account online, have you ever been asked to enter a 4 to 6-digit code from your email or cell phone during login? That is a common example of 2FA.
Depending on the program, the options for 2FA may be email, SMS, or a time-based one-time password (TOTP or OTP). Security experts recommend opting for TOTP when offered, which you can activate using an app on your phone, like Google Authenticator. Instead of waiting to receive the code via email or SMS, you can simply open the app and find a code waiting for you. TOTP 2FA is stronger than SMS because SMS codes are more likely to be compromised through phone porting, where an attacker uses social engineering to have your phone number moved to a device they control. If SMS is the only option, though, it is better than no 2FA!
How does Everlaw implement 2FA?
At Everlaw, we want our customers to feel confident that data on our platform is secure. One way we do this is to offer 2FA on all Everlaw accounts. Everlaw’s 2FA options include TOTP to ensure our customers’ data is as secure as possible. For information on how to enable 2FA for users, please check out our walk-through. All of our employees are required to have 2FA enabled in order to access Everlaw, which is enforced by a software control.
Keeping online accounts secure depends on understanding and adopting security tools that make it harder for unauthorized people to access your information. Enabling 2FA on Everlaw, and on your personal accounts, is a process that can be accomplished in just a few minutes and sharply reduces the chances of unauthorized access.
We hope this demystifies 2FA, helps you understand the importance of securing your accounts and data, and shows you how to easily enable it for your litigation prep. Any questions? Let us know at firstname.lastname@example.org!