Advantages of Two-factor Authentication for Businesses – How We and our Company Clients Use 2FA
Two-factor authentication is a popular method to enhance the security of any sign-in process. Businesses in particular should take advantage of two-factor authentication (2FA for short), because they have to protect their sensitive information, and a data breach can have severe consequences. In this article I will describe our use case for 2FA here at Boxcryptor, and discuss how and why we integrated it into the Boxcryptor Company Package for our company users.
How 2FA can protect you
Every security feature protects its users from a certain threat model. The threat model in this case is the worst-case scenario that login credentials are stolen or intercepted. If that happens, no matter how secure your password is and how often you change it – which by the way is not really a secure habit to have – you, your data and eventually your business or employer will be in trouble.
This threat model is theoretically valid for our Boxcryptor users as well. Due to our zero-knowledge approach it is very difficult, if not impossible, to intercept Boxcryptor passwords. However, we are all human beings, and we all make mistakes. There is a chance that at some point you or your employees could fall prey to social engineering or a phishing attack.
No one could really be blamed for that, because the methods of cyber criminals are getting more and more sophisticated. To make sure that even in this case your business's data is safe, you can implement extra security with 2FA.
Instead of just signing in by entering your username and password, for example on your laptop, you need a second factor to validate your login, for example your phone. Two-factor authentication is often described by the combination of
something you know + something you have / something you are.
Something you know is your username and password; something you have could be a second device, such as your smartphone; something you are, as a second factor, could be your fingerprint.
Why we chose Duo Security to implement into Boxcryptor
Duo Security was the first choice for implementing 2FA in Boxcryptor: first, because we already use it ourselves, and second, because they are one of the leading experts in 2FA worldwide. We want our users to benefit from the expert knowledge at Duo. While we concentrate on the best possible encryption, Duo delivers flawless 2FA.
Duo makes it very simple to protect many different apps through their Auth API – as long as the apps support Duo. Once you have an Enterprise Plan of Duo, you can protect any sign-in process of on-premises and cloud apps.
According to a Verizon Data Breach Investigation Report quoted on Duo’s website,
[o]ver 95% of attacks involve harvesting credentials from customer devices, then logging into web applications with them.
With 2FA, this risk is greatly reduced. For that reason, we implemented Duo Security into Boxcryptor.
Our use case for 2FA here at Boxcryptor
Here at Boxcryptor, we can occasionally work from home. By allowing that, the founders of Boxcryptor, Andrea and Robert, want to make sure that each of us can work in the environment that suits us best. For the days when one of us works from home, we set up a VPN, so we can work from home as if we were in the office. However, Andrea and Robert were aware that they had to add an extra layer of security for that scenario.
To prevent a virus or a hacker from intercepting our passwords and using them to get into our accounts, we implemented two-factor authentication with Duo Security for our VPN. When we want to log into the VPN, it receives a login request. The VPN communicates with Duo, which sends a request to the mobile device of the user – the second factor. When the user confirms on the second device, Duo communicates back to the VPN, and only then is the user allowed to access the network.
This sounds complicated, and of course, it is an additional step in your usual workflow. However, the login still takes only a couple of seconds – provided you have your second factor close by – and once it is set up, it is very easy to use. The most important part is that it enhances security considerably.
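The login flow described above, as an added example (not Boxcryptor's or Duo's code): a toy gateway that checks the password first, then asks a push service for confirmation, and grants access only on an explicit approval. All class and function names, the sample user and the in-memory push service are hypothetical stand-ins for a real VPN and 2FA provider.

```python
import hashlib
import hmac
from enum import Enum

class Push(Enum):  # outcomes the push service can report (assumed names)
    APPROVED = "approved"
    DENIED = "denied"
    TIMEOUT = "timeout"

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PushService:  # stand-in for the 2FA provider (hypothetical, in-memory)
    def __init__(self):
        self.phones = {}  # username -> callable simulating the owner's tap
        self.sent = []    # audit trail of push requests
    def enroll(self, user, phone):
        self.phones[user] = phone
    def push(self, user) -> Push:
        self.sent.append(user)
        return self.phones[user]()  # KeyError if no device is enrolled

class VpnGateway:
    def __init__(self, second_factor: PushService):
        self.users = {}  # username -> (salt, password hash)
        self.second_factor = second_factor
    def add_user(self, user, password, salt: bytes):
        self.users[user] = (salt, hash_password(password, salt))
    def login(self, user, password) -> bool:
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        # Step 1: first factor. No push is sent for a wrong password.
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False
        # Step 2: second factor. Anything but an explicit approval fails closed.
        try:
            return self.second_factor.push(user) is Push.APPROVED
        except Exception:
            return False

def demo():
    provider = PushService()
    vpn = VpnGateway(provider)
    vpn.add_user("alice", "correct horse", salt=b"constructed-salt")  # constructed sample user
    provider.enroll("alice", lambda: Push.APPROVED)  # owner confirms on the phone
    owner = vpn.login("alice", "correct horse")
    provider.enroll("alice", lambda: Push.DENIED)    # owner rejects an unexpected prompt
    stolen = vpn.login("alice", "correct horse")     # correct password, no confirmation
    wrong = vpn.login("alice", "guess")
    return owner, stolen, wrong, len(provider.sent)
```

The count of sent pushes stays at two because the wrong-password attempt never reaches the second factor, which keeps failed guesses from generating prompts on the user's phone.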
How our Company Users can Protect their Data with 2FA and Encryption
Encryption protects the data in your cloud in case someone steals your cloud password. When the culprit logs into your Google Drive, for example, he will only see gibberish and will not be able to open any files, due to the encryption. Additionally, your cloud provider and its employees cannot access your data, even if they tried to or were forced to by authorities. In case of a breach at the cloud provider you are safe as well.
2FA, on the other hand, protects you from a different threat model. What if someone gets access to your Boxcryptor username and password? Then he could access your data. However, if you protect your Boxcryptor account with 2FA, this is not possible either. The culprit would need the password, the username, and the phone of a user to get inside an account.
With the combination of Boxcryptor and two-factor authentication, your business is protected from two of the most common threat models that are often connected: data breaches and user credential theft and misuse.
The great thing is: Working with Boxcryptor in your company is incredibly simple, since you can keep the folder structure you are used to. Just move it to the Boxcryptor drive once. If you are already using Dropbox, OneDrive, Google Drive or another cloud, you do not even have to move any data. You just have to click on encrypt once on the highest level of your folder structure, share permissions, and you’re done.
Your employees can collaborate and store files in this encrypted cloud drive, share data securely within the network or with outsiders, and much more.
With the additional 2FA policy enabled, your business data is protected at the highest possible security level.
Are you interested in what Boxcryptor can do for your business besides 2FA? Get to know its features, read about our happy customers and find out how we can simplify and secure your work life in the cloud. You will find all you need to know on our business website.