Protecting Your Database Using Two Factor Authentication
When you stop to consider the huge amount of information, much of which is highly sensitive, that is stored in your company’s database, you can see how important it is that this information be kept secured at all times. Even more importantly, you should have various security precautions in place that establish access parameters for your employees to restrict access on a “need to know” basis, so that each of your employees can only access the information they need relative to their jobs.
You will find that there are numerous ways of implementing this type of “Access Control” in your network. The most commonly used is the standard single factor system that requires a username and password to gain access. This may work for lower level and less sensitive information, but as the information becomes more sensitive, you will find that upgrading to a two factor authentication (2FA) setup is going to increase the level of security surrounding this information exponentially.
Single factor authentication was once relatively acceptable for most uses, and it still is for many, but when it comes to access to highly sensitive information stored in your database, it simply is not good enough anymore. The reason for this is twofold, starting with the username. Invariably, a person’s username is going to be based on the employee’s name; this is relatively standard, as it makes the username easy to remember. It also makes the username very easy to guess.
The other half of this combination is the password, which if anything is even easier to guess than the username. The average person will create a password that is meant to be very easy to remember. These include things like birthdays, anniversaries and mothers’ maiden names. To make matters even worse, most people will use the same password for multiple accounts. This is done because just about everything uses a password, and having only one or two passwords for everything makes life easier. It also makes everything far less secure.
Even if you issue your employees a complex password that is designed to expire within a certain time frame, you are truly not helping matters. Most people who have to deal with this type of password will write it down and keep it somewhere easy to find, such as on a Post-It Note, on a scrap of paper under their keyboard or in a desk drawer. If this method is so insecure, what does a two factor authentication system offer that makes it so much better?
With a two factor authentication service, you will still have to use a username and password to log in, but you will also need a second piece of information that must be used in conjunction with them in order to gain access to the secured area of your database. This is akin to needing a regular door lock key and then a deadbolt lock key to open the door to your house. If you do not have both keys, you cannot get the door open.
If you do not have both pieces of the two factor authentication, you are not going to get into your database. In some instances the second factor can take the form of a “token” device that is issued to each of your employees. In most cases it is small enough to fit on their key ring. The token displays a number that is designed to change at very specific intervals and is matched to their username and password. As long as everything matches, access is granted; if not, no one gets in. The numerical value changes every 60 seconds, which is long enough for your employee to enter it, but far too short for anyone to hack using any known form of algorithm software on the market.
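The token check described above, as an added example that is not code from the original article or from Digi-Sign. It assumes the token derives its number with the standard TOTP construction (RFC 6238, built on RFC 4226 HOTP) and a 60-second step; the article does not say which algorithm its tokens use, and the secret, the user `alice` and the `Verifier` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code, matching the 60-second interval described above

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def token_code(secret: bytes, now: float) -> str:
    """What the token displays at Unix time `now`."""
    return hotp(secret, int(now) // STEP)

class Verifier:
    """Server side: checks the code against the secret enrolled for the username."""

    def __init__(self, secrets_by_user: dict):
        self.secrets = secrets_by_user
        self.last_used = {}  # username -> last accepted counter (blocks replay)

    def verify(self, user: str, password_ok: bool, code: str, now: float,
               drift: int = 1) -> bool:
        secret = self.secrets.get(user)
        if not password_ok or secret is None:
            return False  # both factors are required
        current = int(now) // STEP
        # Accept the current interval plus `drift` neighbours for clock skew.
        for counter in range(current - drift, current + drift + 1):
            if counter <= self.last_used.get(user, -1):
                continue  # already used, or before time zero
            if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
                self.last_used[user] = counter
                return True
        return False

# Constructed sample data: the shared secret from the RFC 4226 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    v = Verifier({"alice": SECRET})
    code = token_code(SECRET, now=90)
    print(code, v.verify("alice", True, code, now=90))  # accepted once
    print(v.verify("alice", True, code, now=95))         # replay rejected
    print(v.verify("alice", True, code, now=300))        # expired
```

The `last_used` bookkeeping matters in practice: without it, a code observed over someone's shoulder stays valid for the rest of its interval plus the drift window.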
This can also be done using a one-time use digital access certificate that is emailed directly to each employee. To log into the secured areas, they will need to use the certificate. This two factor authentication method is considered to be the most secure method of access restriction currently available. For more information or to view a demonstration of how it works, visit us at Digi-Sign. You will find that Digi-Sign offers complete certification services that are recognized and accepted worldwide.