Two-factor authentication is many times more secure than the classic login method with a username and password. But people rarely think about what might happen if they lose access to their authenticator app.
In professional IT environments, everyone knows by now that modern two-factor authentication (2FA) offers more security than classic login based only on a combination of username and password. However, two-factor authentication carries a significant risk that not everyone is aware of: What happens if the authenticator used fails or is no longer available? Are you prepared for the worst case?
First, let's take a quick look at the basics of the authentication process. With a classic login, entering the correct username and password is sufficient to successfully log in to a company resource. Here, the password is the single security factor. However, this can be stolen, guessed or hacked and then misused for unauthorized access.
Two-factor authentication, on the other hand, requires two independent factors to log in. These two factors are generally:
An attacker might steal the credentials but cannot reach the additional device required for authentication. Therefore, they can’t log in as someone else. But this could end up becoming a problem for you – if you lose access to your authenticator for whatever reason.
2FA providers are quite familiar with the problem of accidental lockout. Oftentimes, after you have set up two-factor authentication, they also offer a backup of the key or the option of setting up another 2FA method. You can use these as an alternative login method in an emergency.
For example, Google provides backup codes for such cases; you should store these 10 codes in a protected place that you can access at any time. A password manager such as KeePass or LastPass can be used as a storage location. Microsoft only provides a single recovery code, which you should also back up as soon as you can. The Redmond technology group has also implemented another security measure to annoy hackers and, unfortunately, legitimate users who want to access their account again: You'll need to wait around 30 days for Microsoft to release your account again.
Activating two-factor authentication via the security settings of a Google account, for example, is very easy to do. Google provides the user with a QR code that contains a secret, Base32-encoded key for calculating the one-time passwords. Set up the account, for example in the NCP Authenticator app, simply by scanning the QR code with your smartphone camera.
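To make the setup step above concrete, here is an added example (not code from the original post or from NCP's app) of what an authenticator does with that QR code: it parses the otpauth URI encoded in it, decodes the Base32 secret, and derives time-based one-time passwords from it according to RFC 6238. The URI below is constructed for illustration; its secret is the RFC 6238 reference test secret, so the output can be checked against the published test vectors. The `verify_totp` function shows the matching server-side check with a small tolerance for clock drift.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import urlparse, parse_qs

# Constructed sample: the text an authenticator app reads out of the QR code.
# The secret is the RFC 6238 reference secret "12345678901234567890" in Base32.
SAMPLE_OTPAUTH_URI = (
    "otpauth://totp/Example:alice@example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30"
)


def parse_otpauth_uri(uri):
    """Extract the Base32 secret and TOTP parameters from an otpauth:// URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = parse_qs(parsed.query)
    return {
        "label": parsed.path.lstrip("/"),
        "secret": params["secret"][0],
        "digits": int(params.get("digits", ["6"])[0]),
        "period": int(params.get("period", ["30"])[0]),
    }


def decode_base32_secret(secret):
    """Decode the shared secret; QR codes often carry it unpadded and in mixed case."""
    secret = secret.strip().replace(" ", "").upper()
    padding = "=" * (-len(secret) % 8)
    return base64.b32decode(secret + padding)


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, unix_time=None, period=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter taken from the current 30-second time step."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(decode_base32_secret(secret_b32), int(unix_time) // period, digits)


def verify_totp(secret_b32, submitted, unix_time, period=30, digits=6, window=1):
    """Server-side check: accept one time step of drift either way, compare in constant time."""
    for step in range(-window, window + 1):
        candidate = totp(secret_b32, unix_time + step * period, period, digits)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    cfg = parse_otpauth_uri(SAMPLE_OTPAUTH_URI)
    # RFC 6238 vector: at T=59 this secret yields 94287082 (8 digits), i.e. 287082 with 6 digits
    print(cfg["label"], totp(cfg["secret"], 59, cfg["period"], cfg["digits"]))
```

The important point for the lockout discussion: everything the app needs is that one Base32 secret. Whoever has a copy of it (a backup of the key, as some providers offer) can regenerate the codes; whoever loses the only copy cannot.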
Then return to your Google Account, go to the Security section and click the Backup Codes link. Print the list out or store it in a protected place. If you do not do this and later lose access to your 2FA method, you can only have the password reset by Google. However, this takes several days. During this time, you will not have access to your account and may lose an important message.
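The backup codes described above only help if the service handles them properly: they must be unpredictable, stored server-side only as hashes, and invalidated after a single use. The following is an added example (not Google's or any provider's implementation) of such a recovery-code store. The alphabet, code length, and count are assumptions chosen to resemble printed recovery codes; the slow hash is there because short codes would otherwise be cheap to brute-force if the database leaked.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: lowercase letters and digits without 0/o/1/l to avoid transcription errors.
CODE_ALPHABET = "abcdefghijkmnpqrstuvwxyz23456789"


def generate_backup_codes(count=10, length=8):
    """Generate distinct single-use recovery codes for the user to store offline."""
    codes = set()
    while len(codes) < count:
        codes.add("".join(secrets.choice(CODE_ALPHABET) for _ in range(length)))
    return sorted(codes)


def normalize(code):
    """Tolerate the ways users type printed codes: spaces, dashes, capital letters."""
    return code.strip().replace("-", "").replace(" ", "").lower()


def hash_code(code, salt):
    """Slow salted hash; the code itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class RecoveryCodeStore:
    """Server-side record of a user's recovery codes: hashes only, each redeemable once."""

    def __init__(self, codes):
        self.salt = secrets.token_bytes(16)
        self._hashes = {hash_code(normalize(c), self.salt) for c in codes}

    def remaining(self):
        return len(self._hashes)

    def redeem(self, submitted):
        """Return True and burn the code on a match; a used or unknown code is rejected."""
        digest = hash_code(normalize(submitted), self.salt)
        for stored in self._hashes:
            if hmac.compare_digest(stored, digest):
                self._hashes.remove(stored)
                return True
        return False


if __name__ == "__main__":
    codes = generate_backup_codes()
    store = RecoveryCodeStore(codes)
    print("Print and keep these codes:", " ".join(codes))
    print("first use:", store.redeem(codes[0]), "second use:", store.redeem(codes[0]))
```

From the user's side this is why the printed list matters: the service keeps no plaintext copy, so once the list is lost there is nothing to look up, and the only way back in is the provider's slow manual reset.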
If your provider offers alternative methods for two-factor authentication, you should usually enable them as well. The most common alternative is an SMS with a one-time code sent to your mobile phone number. This is basically a good backup method that works reliably. However, it is considered less secure, as it is technically possible to redirect SMS messages to other devices. For sensitive data, you should therefore refrain from relying on SMS. Some providers, such as PayPal, do not yet offer dedicated recovery codes. In this case, SMS is the only alternative method available for your 2FA.
In summary, the improved security of modern two-factor authentication also poses some risks to the user:
However, in view of these risks, forgoing two-factor authentication would be grossly negligent. We recommend that users regularly check whether they have activated the secure 2FA login for all services and applications. In our blog post “How 2FA works with time-based one-time passwords” you will find an overview of the most important companies and online services that already support modern two-factor authentication.