Two-factor authentication frequently asked questions

Used by banks, email providers, small businesses and even online gaming platforms, two-factor authentication is becoming a ubiquitous security feature.

It’s easy to see why. Two-factor authentication quickly thwarts cybercriminals, even when they have your credentials. As a result, a growing number of businesses want to know how to deploy it. Despite its popularity, most people don’t really know how two-factor authentication works. Below are 15 questions that clients in Minneapolis and St. Paul have frequently asked us, along with the answers, to help you implement two-factor authentication.

Two-Factor Authentication: Frequently Asked Questions by Small Businesses 

1. How do I get my employees to install two-factor authentication on their personal cell phones?

We have rarely seen employees push back against installing a two-factor authentication app (also called two-factor verification or multifactor authentication) on their personal phones. We’ve only had one instance in all the companies we support. In that situation, instead of using a mobile phone app, they use a hardware token that randomly generates the authentication numbers.

2. How do we set it up?

To get started, identify the applications that need two-factor authentication. Next, select the people who need this layer of security. Finally, determine the best mechanism for generating codes. For more details, check out this article on how small businesses can set up two-factor authentication.

3. How does two-factor authentication protect our company?

Two-factor authentication provides a randomly generated second password. This password is received by a device like a cell phone or hardware key. Without the device and second password, cybercriminals will not be able to log into your business accounts.

4. Do we need an administrator to set it up and monitor the software?

Not for personal use, such as logging into a bank website, because the bank administers it. In a business environment, however, an administrator is needed to set up two-factor authentication, and KLH offers this service. Monitoring is not necessary, but your administrator will assist with maintenance.

For instance, if a device is lost or stolen or an employee acquires a new phone, you’ll need an administrator to transfer the application to the new device. A wireless carrier will not be able to do this for you because it involves signing up the new phone and disabling the old one.

5. Do we have to implement two-factor authentication for every application?

If your business does not have to meet regulatory requirements, like HIPAA, no. You will only add two-step verification for your internet-based applications, such as email or cloud programs, or if you will be accessing your corporate network from outside the office.

Companies in regulated industries need to set up two-factor authentication more widely, including for desktop applications. To do this, work with an IT expert who can ensure it’s set up correctly.

6. Which applications should we implement it for in our company?

You should set up two-factor authentication on applications you access through the internet or a VPN. Assess each program your business uses to build a comprehensive list of those needing an extra layer of protection.

7. How do I get employees set up with two-factor authentication?

Implementation will depend on the program you use, but most require employees to download an app on their smart device. Your application vendor will provide instructions for you to follow.

8. If an employee doesn’t have their device, how do they access their application?

Your staff will always need their designated device to get their two-factor code to log in. In some cases, but not generally, an administrator will be able to provide a bypass code.

9. What do we do if an employee’s device is lost or stolen?

When a device is lost or stolen, immediately notify your administrator, who can then disable two-factor authentication on the missing device. As a word of caution, never save your main password on the device. You don’t want anyone to have access to both your password and your two-factor authentication device at the same time.

10. Can a hacker or cybercriminal access the employee’s applications if they steal the device?

A cybercriminal can only access someone’s applications if they have both the stolen device and the main password to log into an account.
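The answers to questions 3, 9 and 10 can be checked in code. This is an added example, not code from this page or from any vendor it names. It assumes the authenticator app or hardware token uses the standard time-based one-time password algorithm (RFC 6238), which the page does not specify; the `Account` class, its methods and the sample secret are hypothetical.

```python
import hashlib, hmac, struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, then truncation."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side record: password hash plus enrolled device secret."""
    def __init__(self, password: str, device_secret: bytes):
        self.salt = b"constructed-salt"          # constructed; use a random salt in practice
        self.pw_hash = self._hash(password)
        self.device_secret = device_secret       # None after the admin disables the device
        self.last_step = -1                      # highest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def disable_device(self) -> None:
        self.device_secret = None

    def login(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False                         # device alone is not enough
        if self.device_secret is None:
            return False                         # lost or stolen device was disabled
        for step in (now // 30, now // 30 - 1):  # tolerate one step of clock drift
            expected = totp(self.device_secret, step * 30)
            if step > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step            # reject replay of a used code
                return True
        return False                             # password alone is not enough

SECRET = b"12345678901234567890"                 # RFC 6238 test secret, not a real key
```

The code on the device is derived from a secret shared at enrollment and the current time, so the server can recompute it; disabling the device means discarding that secret on the server side.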

11. What if an employee doesn’t own a smart device?

A hardware key is available for team members who don’t have a smart device or don’t want to download an app on their phone. The key or token is about the size of a USB key and randomly generates numbers used to log in.

12. How do you get employees on board with using two-factor authentication?

Before deploying two-factor authentication, explain to your team why it’s necessary. Mention examples of phishing campaigns, but don’t only use large data breaches as examples. Talk about how everyone has received spam messages from someone whose account was hacked and how they don’t want the same thing to happen to people in their contact lists.

13. Are there different types of two-factor authentication programs?

Yes. Two-factor authentication can be built into the software program you are accessing, which sends you a text message or email with an entry code. Or it can be an application that sends a prompt or code to a phone.

Other two-factor authentication solutions are available through enterprise-level programs for small businesses, like Duo and RSA SecurID, and tie into the device or hardware token.

14. Is there a monthly cost for two-factor authentication software?

To use a program like Duo or LastPass, there is a monthly per-user fee. For your line-of-business applications, check with your provider.

15. How long will it take to set up two-factor authentication in my small business?

The initial installation process typically takes a few hours. Additional time is required for your IT service provider to go through each account, ensure the application is correctly installed on the device and answer any questions your team may have.

If you still have questions about implementing two-factor authentication or would like assistance setting it up for your company, contact us at (952) 258-8200.