Two-factor authentication (2FA), also known as multi-factor authentication (MFA), protects user accounts by factoring in something a user has (such as a time-based one-time password, or TOTP) in addition to what they know (their credentials). While 2FA is considered to be a standard in identity security practices today, it can be a headache for some organizations.
Organizations know it’s more secure than only requiring a username and password, but 2FA reduces efficiency and can require the admin to dedicate large portions of time to manual integration and management. When admins spend a lot of their time integrating and managing a tool that slows down the user authentication process to some degree, it can potentially translate into a loss of productivity. As a result, some may question the return on investment (ROI) of 2FA.
The Return on Investment
It’s true that 2FA doesn’t generate any revenue directly, but the value of the damage it prevents far exceeds what it costs to implement and maintain. However, there are additional factors to keep in mind when evaluating your company’s need for 2FA, and we discuss those more below.
Data Breach Costs
The average cost of a data breach worldwide is between $1.25 million and $8.19 million. Combine that with the damage a breach can do to your organization’s reputation, and the actual costs far exceed that. The financial hit can take years to recover from. For example, Target took a 54.6% nosedive in its brand perception after its data breach in 2013. Even five years later, its brand perception was lower than before the data breach.
Target’s situation is one of the more extreme examples of the toll a data breach can take on a company, but Target stayed afloat thanks to its deep corporate pockets. Small businesses are much less fortunate: 60% of small businesses that experience a data breach fail within six months. Because of this, small businesses should take as many precautions to prevent data breaches as they can. Using 2FA can easily secure user identities by presenting another barrier to entry that’s not as easily bypassed through credential stuffing or stolen identities. And remember that credential theft is the number one route to a data breach.
Training Needs
Organizations will also need to educate end users on how and why they need to use 2FA. As of now, the majority of the workforce is not technologically fluent. Most users will need to be taught how to use 2FA, ideally during the onboarding process. This ensures all employees know right from the start how to access their IT resources.
Is 2FA Worth the Investment?
Data breaches don’t just cost organizations the time and money associated with damage control; they also make prospective customers wary of trusting your organization. Multi-factor authentication overwhelmingly prevents account takeovers, making it one of the strongest cybersecurity tools an organization can have. Moreover, admins can rest easy knowing that lost or stolen devices don’t immediately indicate a data breach (to level up here, look at encrypting hard drives via full disk encryption software).
They also don’t have to worry as much about users reusing passwords, as the second factor of 2FA is usually a TOTP code generated by an app on the user’s smartphone. So although reusing passwords is poor cybersecurity practice, 2FA prevents recycled passwords from being exploited in credential stuffing attacks.
How to Require and Manage 2FA
For organizations looking to enhance their cybersecurity with 2FA, JumpCloud® can be an ideal solution. It provides 2FA for a variety of resources, such as applications, server infrastructure, VPNs, and Mac®, Windows®, and Linux® systems. Moreover, it offers many other identity management features (such as centralized user management, cloud LDAP and RADIUS, system management, True Single Sign-On, automated provisioning, and much more) at no additional cost.
To learn more about how 2FA works with JumpCloud, schedule a demo or reach out to us with questions.