eDiscovery Daily Blog

Here’s a Factor That Can Reduce the Potential for Account Hacks: Cybersecurity Best Practices

The data breaches just keep coming.  Equifax is the latest hacking victim, to the tune of 143 million US customers – approximately 44 percent of the population.  Perhaps if they, and other organizations recently breached, had added a factor to their authentication process, those breaches might not have occurred.

By “factor”, I mean two-factor authentication.  Two-factor authentication, also known as 2FA, two-step verification or TFA (as an acronym), is an extra layer of security that requires not only a username and password but also something that only that user has, such as a piece of information only they should know or something they have immediately available to them (such as a physical token).  Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and hack into their system.

According to the latest Verizon Data Breach Investigations Report (DBIR) (covered by us here), 81 percent of hacking-related breaches used stolen passwords and/or weak passwords.  Almost two-thirds of us use the same password for all applications that we access.  And, with best practice recommendations for establishing secure passwords changing, it’s clear many people have been doing it wrong all these years and that just a password may not be enough to secure many accounts anymore.

This is where two-factor authentication can help, by offering an extra layer of protection, in addition to just the password. It would be highly difficult for most cyber criminals to get the second authentication factor unless they are very close to you or right there with you when you’re attempting to sign into the application.  According to this infographic from Symantec, 80 percent of data breaches could have been eliminated with the use of two-factor authentication.

Probably the most common form of two-factor authentication is where, once you provide your password, the application sends you a code (via text or email – the means for sending may vary depending on the platform) that you then have to enter to be able to access the application.  Unless a hacker can also access your email account or see your texts, that second layer of security helps protect against hacking of your account via just your password.  Two-factor authentication is a terrific way to provide that extra layer of security, and it’s important to consider whether your provider can support two-factor authentication when considering cloud providers (in general or when evaluating cloud eDiscovery platforms).

Also, if your organization has been affected by the recent hurricanes and you need the ability to access your data for a period of time while you rebuild, or to save costs in hosting for a case so that you can apply those savings to rebuilding your infrastructure, CloudNine can help.  Click here to find out more and also how to help out those who were affected.

So, what do you think?  Do your cloud providers support two-factor authentication?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.