US Government Embraces Two-Factor Authentication: Is It Time You Do Too?

The U.S. Government has begun to require the use of two-factor authentication for some of its accounts.

Since the beginning of October, federal and state employees running government websites have been encouraged to sign up for the security measure. Doing so will add an extra layer of protection that should stop attackers gaining access to government websites. According to DotGov, the rollout will take place over the next couple of months.

The use of two-factor authentication means would-be hackers have an extra step to bypass if they want to access a government website admin account. This is important as, by gaining access to one of these accounts, hackers could potentially redirect users to fake or malicious sites.

An authenticator app will provide the two-factor authentication. While the government says users will be able to choose any suitable app, it will provide support for the Google Authenticator app.

By requiring two-factor authentication, the U.S. government acknowledges the effectiveness of the procedure as a security measure. However, you don’t have to be a government organization to enjoy the extra layer of defense it provides.

Businesses, like title agencies, law firms and everything in-between, should consider adopting a form of two-factor authentication to keep any accounts they use secure. By doing so, these businesses will be able to protect themselves from hacks and wire fraud.

What Is two-factor authentication (2FA)?

Usually, when you log on to a website, you need to input a username and a password. The password should be difficult to guess and something that only you know.

However, if a hacker is somehow able to find out your password, you’re in trouble. There would be nothing to stop the hacker logging into your account and accessing all your data.

Two-factor authentication improves upon the username and password combo by requiring a third piece of information. This information comes from something that you have physical access to — such as an app, phone, or a code sheet. You have to insert this information when you log into one of your accounts.

By requiring this extra piece of information, a hacker should find it much harder to break into your account. Even knowing your username and password, they will also need to have access to the physical object that provides the two-factor authentication.

Four common types of two-factor authentication are:

• Authenticator apps – An app on your phone linked to your account. When you log in to a service, you acknowledge the log-in attempt on the app and enter a piece of information — such as a code — that the app provides.
• SMS based – The service you are logging in to will send a previously registered phone number an SMS containing a code that you need to put in.
• Push-based – The service you are logging in to will send a notification to a smartphone that you have previously registered saying that someone is trying to log in to your account. You then need to approve the login.
• Backup codes – This is a list of codes a site gives you when you sign up to two-factor authentication. Just print them off and input the correct one when you attempt to log in.

The U.S. government decided to use an authenticator app for its implementation of two-factor authentication. While it chose Google’s app, there are plenty of competitors out there including those from Microsoft and LastPass.

Both the Microsoft and the Google authenticator apps are free and work with a range of services, not just their own.

What Is the link between two-factor authentication and wire fraud?

Two-factor authentication can be a crucial defense against wire fraud. To gain an understanding of why we must first know how wire fraud happens.

In many wire fraud cases, fraudsters will gain the data required to run a scam by hacking into your email accounts. Once they have access, they can discover information about customers and upcoming payments.

The hackers then send out emails — made convincing by the personal information gained in the hack — to their targets. These emails can come from the breached account or from a clone account that appears to be an official source. Fraudsters will include fake wiring details in these (seemingly) official emails.

By using two-factor authentication on all your email accounts, you make it harder for fraudsters to access your account. It stops them from accessing the type of information they need to attempt wire fraud; keeping both you and your customers safe.

How to avoid wire fraud

Of course, two-factor authentication is not foolproof; there are plenty of other steps you can use to protect your business and customers from wire fraud.

We have produced a full series of articles on the actions we recommend organizations take. These cover the hardware and software you use, the importance of having proper procedures in place, and why you should ensure everyone in your business is educated and taking measures  to keep themselves secure.

Additionally, the service we offer at CertifID is a secure final step to help protect your business from wire fraud. We confirm the identity and validate the wiring information of everyone in the wire transfer process. This allows you to be sure that when you wire money, the people you are wiring it to are who they say they are.

If you want to see how we can help protect you from wire fraud, schedule time with our team.

‍