Many organizations are still relying on single-factor authentication (i.e., passwords) to control access to cloud services, VPNs, and other corporate resources, but as the number of breaches continues to rise, it's become clear that passwords alone just aren't cutting it anymore.
Let's take a look at some of the major risks of using a standard password system.
1) Password Reuse
It's hard enough to remember one random, symbol-filled alphanumeric password, let alone a different one for every platform you use across the web. All too often (61% according to one study) people resort to reusing passwords. This becomes a major problem when one of those platforms (e.g., Adobe, Twitter, LivingSocial, Evernote) is compromised. If that same password was used to access a corporate resource, such as email or VPN, your organization may be vulnerable.
2) Social Engineering
The amount of personal information on the internet serves as great fuel for hackers who rely on social engineering to gain access to passwords or the accounts they are supposed to protect. Hackers research their target and use the information to stage a customized attack. Whether it takes the form of a phishing email specifically designed to seem legitimate to the recipient (as was the case with last year's Associated Press Twitter breach) or of gathering enough information to impersonate the target to tech support and bypass security questions, social engineering is increasingly in the news and presents a large threat to users relying only on passwords.
3) Form-Grabbing Malware
Hackers have grown increasingly sophisticated in their attacks. A while back we highlighted a case where an unnamed airport fell victim to a man-in-the-middle attack using a Citadel Trojan approach to hack into the airport's VPN. Form-grabbing malware was used to steal an airport employee's username and password and gain access to the VPN.
As you can see, relying on passwords alone can leave you vulnerable to breaches. Adding a second layer of security in the form of two-factor authentication could help thwart many of the hacking techniques outlined above. Just like it sounds, two-factor authentication ups the ante from username and password and requires a second piece of information before granting access.