User permissions and two factor authentication are essential components of a secure security infrastructure. They can reduce the chance of malicious insider activities or accidental data breaches and help ensure regulatory compliance.
Two-factor authentication (2FA) requires a user to enter credentials from two different categories to log into an account. It could be something the user is familiar with (password or PIN code security question), something they have (one-time verification code sent to their mobile or an authenticator app) or something they are (fingerprint or the 3 types of software your business needs in 2021 face, retinal scan).
Most often, 2FA is a subset of Multi-Factor Authentication (MFA) which includes many more factors than just two. MFA is usually a requirement in certain industries, including healthcare (because of the strict HIPAA regulations), ecommerce, and banking. The COVID-19 pandemic has also created a new urgency for companies that require two-factor authentication for remote workers.
Enterprises are living entities and their security infrastructures are always evolving. Users shift roles, hardware capabilities are evolving and complex systems are in the hands of users. It’s important to regularly reevaluate your two-factor authentication process regularly to ensure that it’s up to date with these changes. One way to do that is through adaptive authentication which is a kind of contextual authentication that creates policies based on the way, when and where a login request is received. Duo provides an administrator dashboard that lets you easily monitor and set these kinds of policies.