BYOD Risks Obviated by Two-Factor Authentication
The Wall Street Journal Tech Blog recently published an article, 5 ways attackers exploit our bad BYOD habits, listing ways in which BYOD can introduce new security issues to organizations.
But I’d like to address these issues by renaming the list, 5 ways your “bad” BYOD habits are rendered irrelevant by two-factor authentication.
Open wifi networks
The article refers to the ease in which attackers can set up an open wifi network in places like coffee shops and invite users to join. However, the primary risk is having your username and passwords stolen - which a modern, out-of-band two-factor authentication solution obviates by using a separate channel to verify a user’s identity.
Attackers intercept browsing sessions and send spoofed login pages that appear to be credible sites, fooling users into entering their credentials. Think of the possibilities: fake online banking pages, employee remote access logins, etc. With two-factor, attackers can’t intercept a push notification sent directly to your phone, allowing you to still maintain control over your account access even if they have your password. Find out more about online banking security in The Current State of Online and Mobile Banking Security.
One password to rule them all
Pretty self-explanatory, the article points out that users may often recycle passwords across multiple accounts, including personal and work accounts. Two-factor authentication, especially when paired with single sign-on (SSO), makes the quality of your password much less important, as it provides an extra layer of security that doesn’t rely on user behavior. When combined with SSO, you can make device and security hygiene easy for your team.
Malware email attachments
So, two-factor can’t really prevent a user from downloading an attachment in an email that appears to be credible and ultimately executes malware on their device. But it can stop the success of a phishing email. Find out more about phishing in:
Phishing Finds a Bevy of New Hosts, Exploiting Open RDP Ports of Home PCs
Target Breach: Vendor Password Exploit
CNN & Microsoft Breached: No 2FA in Sight
Cloud storage - a goldmine
The article refers to employees that may be uploading sensitive company information to their personal accounts with weak or no security controls in place. General best practices and some compliance requirements mandate strong authentication in front of any sensitive data, such as two-factor to protect remote access for PCI DSS compliance, same goes for HIPAA. Similarly, the FFIEC requires more than just one factor for certain online banking activity, like large-dollar transactions.
If just one security solution can solve all of these issues, that’s a pretty good deal. Instead of more security, try a better security tool to mitigate the several different risks brought to light with BYOD - two-factor authentication.