Two-factor authentication (2FA) is a process you probably know well—especially as it pertains to office security. It's a login process that combines your username and password with a piece of information only you possess or a unique personal characteristic. Companies have been using 2FA to make their employees' logins extra impervious to attacks.
Duo Labs recently published an in-depth report about societal perceptions of two-factor authentication. The team surveyed a 443-member segment of the population representative of census polls and conducted a literature review to determine what other scientists discovered about the topic. The results are concerning for any security pro looking to create a more secure workplace. 2FA isn't nearly as popular as it should be—yet. Fortunately, the survey also reveals some opportunities for improving authentication and adoption.
Understand the low adoption rates of 2FA
The concept behind 2FA for office security makes sense. After all, it's much harder for a hacker to gain access to an account requiring two pieces of identifying information instead of just one. However, the researchers from Duo Labs found only 28 percent of people use 2FA, despite how much sense it makes. A lack of awareness is one of the most likely reasons for that low figure. When asked if they'd heard of two-factor identification before being surveyed, over 56 percent of respondents revealed they hadn't. That statistic emphasizes why it's so important for IT professionals to focus on education if they hope to gain widespread adoption of secure authentication practices.
After identifying the individuals who knew about two-factor identification, the researchers looked deeper at usage behaviors. They found 45 percent of people who had heard of 2FA used it on all sites that provided it—which was more than researchers expected. As for the respondents who only complied with 2FA on some websites, over 49 percent did so because it was required of them. Such requirements are often present in BYOD workplaces.
IT professionals need to strike a careful balance between keeping organizational networks secure and promoting employee mobility, and 2FA can often help you do so. You also can't ignore peripherals on the network, such as your company's printers. Any unsecured endpoint device without 2FA or other embedded security features is at risk of getting hacked. Fortunately, some of today's high-tech printers offer a range of secure authentication features, such as holding print jobs in the cloud until they're retrieved with a PIN or an ID card.
Beware: Not all 2FA tools are created equal
The study from Duo Labs looked at several tools used for 2FA strategies to measure their effectiveness, including:
- Phone calls
- Emails or text messages
- Single-use passwords
- Hard tokens
- Security keys
Most people liked using a combination of security keys and push notifications best due to convenience and efficiency. Similarly, respondents named push notifications the least likely of all methods to cause frustration. If you're looking for one type of 2FA that's easy to implement into your office security, this could be the one.
What makes people less likely to use 2FA?
People often use easy-to-guess passwords and never change them. Since there's no getting around that fact, you may feel compelled to depend on 2FA to make things harder for hackers. However, there are some methods of verifying identities that individuals particularly don't like.
For example, 44 percent of respondents found remembering hard tokens the opposite of user-friendly. Also, over 33 percent of people polled reported they weren't able to use security keys without instructions. Being aware of the processes people like and the ones they don't could help you develop plans for more widespread adoption at your organization. By knowing and implementing the methods people are most likely to use, you'll find it easier to help people get accustomed to using 2FA and understand why it's beneficial.
Make two-factor authentication part of your office security
The research conducted by Duo Labs highlights how education is a crucial component for increasing the number of people who use 2FA as a means of tightening office security. Instead of just explaining what 2FA is, IT professionals need to go into detail about how the technology improves office security and, most importantly, how to use it. Offering that accessibility is particularly necessary when addressing people with low levels of computer literacy. However, even more tech-adept individuals appreciate clarification from experts when necessary.
You should also make sure to select 2FA tools that are easily streamlined into your employees' everyday workflows. Doing so will lead to wider adoption and acceptance of 2FA. Listening to feedback from your user base could help you select the best tools and avoid preventable challenges to 2FA adoption.
Duo Labs' research shows that 2FA is little-known and little-used, but it also proves that it doesn't have to be the case. By educating users about what 2FA is and choosing tools that are more likely to be used, you can make strong password use a regular part of your company's security.