Layers of Security – Two-Factor Authentication


In this day and age, many Canadians have come to rely on using video call services such as Zoom as a way to interact with co-workers, clients, family, and friends. Though it’s an easy platform to use, Zoom hasn’t necessarily been the most secure of video call services out there.

Plagued with security and privacy-related issues including a poor privacy policy, an incorrect claim that meetings and webinars were capable of using end-to-end encryption, and multiple vulnerabilities in which attackers could take over a user’s computer, it’s no surprise that people started to steer clear of using Zoom, instead opting for more trusted platforms such as Microsoft Teams.

Zoom said they would do better. In April 2020, an article by independent site Help Net Security confirmed this, stating:

“…CEO Eric Yuan publicly pledged that, for the next 90 days the company will temporarily stop working on new features and shift all their engineering resources to focus on trust, safety, and privacy issues.”

It appears they’ve followed through on their promise. On September 11, 2020, PC Mag announced that Zoom was launching a two-factor authentication option for both its desktop and mobile applications. This option was previously only available for web clients. It’s a great step forward for the platform and means greater security for their users.

So, what exactly is two-factor authentication, and why is it such an important step for the Zoom platform?


What is Two-Factor Authentication?

Let’s first start with learning about authentication. What is it, exactly? defines authentication as it pertains to digital technology as “the act or process of establishing identity and verifying permission to access an electronic device or computer network”. This sounds a little complex, but it boils down to something as simple as logging into your phone using a PIN or fingerprint, or logging into your work computer using your username and password. The underlying concept is that you, and only you, should know both your username and password. This allows a system to “know” it is you that has logged in.

There are three general factors that can be used for authentication:

  • Something you know (like a password)
  • An item you have (like a cell phone authenticator application, or physical token)
  • Something you are (like your fingerprint or face, also known as “biometrics”).

Two-Factor Authentication (2FA), also referred to as Multi-Factor Authentication (MFA) or 2-Step Authentication, means using two of these factors when you log in to a device, website, or application. Generally, a password is used alongside one of the other two factors.


How does it Work?

Well, it’s pretty simple! You open the website or application you want to access. Type in your username and password (using your handy-dandy password manager, of course!), and hit the login button. Here’s where it differs slightly from the usual login process most of us are used to. You would then be directed to another screen, prompting you to enter the code that was sent to you via text message or through your authenticator application, or use your face or fingerprint to continue. That’s it!


Why does it Work?

Simply put, it adds an extra layer of protection to your accounts. It will help keep any personal information you may have inputted when you created your account from being misused. Let’s use online shopping as an example. If a cybercriminal accessed your Amazon account, they could add a new shipping address. Using the credit card you saved on file, they could order anything they wanted, and have it shipped right to them! If you used two-factor authentication, a cybercriminal would need your username, password, AND your additional form of authentication (whether it be an authenticator application or fingerprint) to be able to access your accounts. It certainly makes it more challenging for them. They would need to physically have your device in hand, have compromised your device, or have tricked you into providing them the information.


The Perfect Solution?

Is two-factor authentication a perfect solution to keeping your information secure? Depending on the platform, it may not be! (Are you surprised at this? I sure was!) If two-factor authentication is poorly implemented by the platform, it may not be more secure than if you just used a single password to log in to your accounts. Does that mean you shouldn’t bother with using two-factor authentication? Absolutely not. Microsoft actually states, “…MFA can block over 99.9 percent of account compromise attacks.” That’s pretty amazing! Having two-factor authentication in place is always better than just using a password alone.

Now, the two-factor authentication option on the Zoom platform is just that – an option. It’s not a mandatory requirement to be able to access your account. In fact, many services and applications DON’T require it. In order to turn on the feature, you have to actively search out two-factor authentication in the settings of each service or application (check out the Zoom-specific instructions for turning two-factor authentication on here).

It may take a few minutes to initially set this up on each of the websites and apps you use, but this is a worthwhile step that could save your account from being compromised down the line. Wouldn’t you rather spend a few minutes today setting up two-factor authentication to help keep your accounts more secure, than (in a worst-case scenario) spend weeks, months, or even years trying to fix your credit after a cybercriminal gains access to your personal banking information?

Take a few minutes this week and set up two-factor authentication on just one of your apps. I guarantee you will feel more secure!
