Passwords are no longer sufficient to secure your company’s website. Users already have too much information to remember, making it impractical for them to choose unique and secure passwords for every website. To fight this problem, two-factor authentication (the process of using a password in conjunction with a token which constantly generates a unique code to be entered along with the user’s password) has become an attractive solution, but due to technical limitations, until recently such systems were limited to enterprise settings. The most common application of such technologies is keychain tokens, which are used to allow remote employees access to internal networks. Today, however, many smaller businesses and consumer-facing websites are embracing the technology as a way to reduce damages from fraud.
Although such systems used to be difficult for small businesses to implement, today two-factor authentication is feasible even at the small business level, thanks to a competitive marketplace of solutions. SecurEnvoy is a security vendor in this market that was recently named as a “firm to watch” by industry analyst firm Gartner. The SecurEnvoy system stands out from the crowd because it does not rely on passwords at all. While most two-factor authentication systems rely on users entering a password and a unique code generated by an app or token, the SecurEnvoy system simply requires the unique code provided to users in real time. The logic behind not requiring a password at all is that since most people don’t share phone or email accounts, entering a password shouldn’t be required alongside a token.
Rather than relying on hardware tokens, which can be costly to provide to employees and customers, SecurEnvoy allows security codes to be delivered via text message (SMS), email, mobile apps, and VoIP phone calls. Another advantage of not using hardware tokens is that the theft of a token might go unnoticed for a while (such as an employee losing it before a long holiday), whereas a mobile phone theft is more likely to be noticed by the employee, allowing action to be taken rapidly.
When it comes to the technology, no matter your company’s industry, integrating two-factor authentication into your company website is one of the best ways to reduce fraud. Although there is an initial learning curve, and not all users will want the technology, it is still worth exploring since passwords today provide little to no security. An alternative you could also examine is single sign-on (SSO), such as Facebook Connect or Google Apps. These allow users to create accounts on your website while only needing to remember their Facebook or Google credentials. This option is notable because, while you can request necessary personal information, the password of the user is never accessible to you, making it a very tolerable option for most users.