This post is an excerpt from Is it Time for Two-Factor Authentication?.
The recent security breach at Citibank, coupled with even RSA hiring what may be its first Chief Security Officer Edward Schwartz, point out that you can never be too paranoid about your personal and corporate data security. RSA was in the news earlier this year for an attach on its SecurID two-factor tokens, something that had been considered the ultimate in enterprise security.
It might be time to take another look at two-factor authentication, and see if it makes sense to implement this in your organization. Here are three basic steps to get started:
First, take a look at what Google and Facebook have done with adding two-factor authentication to their accounts. Both use somewhat similar systems, tying your account to your cell phone and sending you a text message that you have to enter as part of your login process. Google adopted two-factor authentication last fall and Facebook added two-factor to their accounts in May. And eBay/PayPal have had two-factor authentication for several years on its accounts, too. While these are all personal solutions, they help gain experience in using these two-factor solutions and give you some perspective before you want to implement these corporate-wide.
