December 15 – Deploy two-factor authentication

Today, our tip #15 in our Christmas calendar “24 tips for a secure Christmas”, is to deploy two-factor authentication. Any servers that requires authentication should be set up to use two-factor authentication (2FA). The two-factor authentication is a security process that requires two separate forms of authentication; first a password set by the user, and then a secondary form which can be a hardware token or similar. This means that even if you would be keylogged, they would only have access to your personal password (but still can’t login as they don’t have the second form of authentication). Two different systems for 2FA are RSA Authentication Manager and DuoSecurity.



Previous security tips from our Christmas calendar

5 replies
  1. Seth Holloway
    Seth Holloway says:

    I like the 24 security tips! 2FA is a great addition to the list. Toopher is another option for multi-factor authentication. Users love Toopher’s ability to automate the second factor–it’s all the security with none of the hassle. Check out the demo and see if you don’t think it’s the best 2FA out there. Cheers!

  2. Mark Stanislav
    Mark Stanislav says:

    Thanks so much for the Duo Security shout-out. We’re glad to see companies like Basefarm realizing the importance of two-factor authentication and sharing that knowledge with their community.

    Happy Holidays from the Duo team!

  3. Robert
    Robert says:

    Key logged is one way they can get you, there are also just simple old brute force password hacks. According to Trustwave, in the recent Facebook hack (2M PWs stolen), 15,000 of the users simply had 123456 as their password.

    You can have a weak password, but you’d better have stepped up authentication.

  4. Elin Mattsson
    Elin Mattsson says:

    Thanks for sharing your tips Seth & Robert and thanks to Duo Security! We hope you will follow the Basefarm Christmas calendar until December 24 for a chance to win a Christmas gift!

  5. Bengt Alverborg
    Bengt Alverborg says:

    2FA is also very useful for private purposes. For instance, Facebook, Google, LinkedIn and Twitter all offer 2FA as extra protection. Highly recommended.

Comments are closed.