Cybercrime has become a growing concern for individuals and businesses in today’s digital age. With the increasing sophistication of hackers and the growing frequency of data breaches, traditional Two-factor authentication (2FA) methods like SMS and TOTP are no longer enough to protect online accounts and sensitive data. This has led to the rise of hardware-based 2FA devices like YubiKey, from Yubico, which provide a more secure, convenient, and reliable way to authenticate identity.
YubiKey offers more robust protection against account takeovers and can also provide cost savings for businesses in the long run. In this blog post, we will explore the limitations of SMS and Time-Based-One-Time-Password (TOTP) based 2FA, the benefits of using YubiKey, and the cost savings that can be achieved by implementing YubiKey within the security measures of a business.
In recent years, two-factor authentication (2FA) has become a widely used security measure to protect sensitive data and online accounts. 2FA adds an extra layer of security on top of passwords by requiring a second form of authentication, such as a one-time passcode (OTP) sent via SMS, email, or generated by a Time-Based One-Time Password (TOTP) app. However, recent statistics suggest that 2FA via SMS and TOTP is no longer sufficient to protect against cyber-attacks.
According to Verizon’s 2022 Data Breach Investigations Report, 80% of data breaches involve compromised or weak passwords, and 90% involve phishing attacks. Attackers often use social engineering tactics, such as phishing emails, to trick users into giving away their passwords or 2FA codes. Furthermore, hackers can intercept SMS messages and redirect them to their devices, making SMS-based 2FA vulnerable to interception and SIM-swapping attacks.
Similarly, TOTP-based 2FA is vulnerable to phishing attacks that trick users into entering their TOTP code into a fraudulent website. Additionally, TOTP codes can be intercepted if the user’s device is infected with malware, allowing the attacker to steal the code and bypass the 2FA authentication.
In 2022, cybercrime was estimated to cost businesses over $10.5 trillion globally, according to Cybersecurity Ventures. With such staggering numbers, it’s clear that we need more secure methods to protect our online accounts and sensitive data.
One solution is to use hardware-based 2FA devices like YubiKey. YubiKey is a physical device that plugs into a computer or mobile device’s USB port, requiring the user to tap the device to authenticate their identity physically. YubiKeys also have NFC capability, allowing users to simply tap and go on NFC-enabled Android and iOS devices. This method provides a higher level of security than SMS and TOTP-based 2FA, as it is not susceptible to social engineering attacks or interception by malware.
Key benefits when implementing a YubiKey into your business security measures are:
- YubiKey can be used with various online services, including Microsoft, Citrix, DUO, Google, Facebook, and more. YubiKey uses the Universal 2nd Factor (U2F) protocol, an open authentication standard that ensures interoperability between vendors and platforms. YubiKey also supports TOTP-based 2FA, so users can still use their existing TOTP codes with the added security of the physical device.
- YubiKey has already gained significant traction in the tech industry, with companies like Microsoft, Cisco, and Google offering support for the device. YubiKey is also recommended by security experts and organizations like the National Institute of Standards and Technology (NIST) and the Electronic Frontier Foundation (EFF).
- YubiKey is not only more secure than SMS and TOTP-based 2FA, but it is also more convenient. With YubiKey, users no longer rely on mobile devices or internet connectivity to access their accounts. Instead, they can plug their YubiKey into any computer or device with a USB port and authenticate their identity. A YubiKey can be particularly helpful for individuals who frequently travel or work remotely.
- YubiKey has been designed to be user-friendly, with a simple tap-and-go authentication process. Users can quickly and easily authenticate their identity without remembering complex passwords or entering TOTP codes. This can help reduce the risk of human error, a common cause of data breaches.
- YubiKey is designed to be durable and reliable. It is made from sturdy materials that can withstand wear and tear and is water-resistant to withstand accidental spills or exposure to moisture. Furthermore, YubiKey does not require any batteries or charging, so users can rely on it to work whenever they need it.
- YubiKey is available in various form factors to suit different needs and preferences. The YubiKey 5 Series supports a range of authentication protocols, including U2F, TOTP, and smart card authentication. The YubiKey 5 Series is compatible with various operating systems and devices, including Windows, Mac, iOS, Linux, and Android.
- Adding YubiKey to a business’s security measures significantly reduced the risk of a data breach. According to Yubico’s own study, YubiKey can help prevent over 90% of account takeovers. Businesses are less likely to suffer a data breach’s financial and reputational costs, which can devastate smaller companies.
Implementing YubiKey within the security measures of a business can also provide cost savings in the long run. According to a study by Ponemon Institute, the average cost of a data breach in the US is $8.64 million, with an average cost of $242 per compromised record. This includes costs associated with investigation, legal fees, regulatory compliance, customer notifications, and loss of business.
In addition, implementing YubiKey can help reduce the administrative costs associated with password resets and support calls. According to Forrester Research, the average cost of a password reset is around $70 per incident, while the average cost of a support call can range from $35 to $150 per incident. By using YubiKey, businesses can reduce the frequency of password resets and support calls since users are less likely to forget their passwords or experience issues with 2FA.
Protecting online accounts and sensitive data is more critical than ever in today’s digital landscape. While traditional 2FA methods like SMS and TOTP may have once been considered sufficient, they can no longer keep up with the evolving cybercrime threats. By adopting hardware-based 2FA devices like YubiKey, users, and businesses can significantly reduce their risk of being hacked or compromised. YubiKey offers more robust protection against account takeovers and can also provide cost savings in the long run by reducing the risk of data breaches and the associated financial and reputational costs. As such, it is time for individuals and businesses to prioritize their security measures and embrace the benefits of YubiKey as a reliable and cost-effective solution for safeguarding their online identities and sensitive information. For your next security measure, consider adding YubiKeys to your security plan and your current environment to protect your business.
Meet the Author
John has over 25 years of experience from Information Systems Consultant, Information Technology Director to Network Administrator in both Corporate and Small Business Environments.
Connect on Linkedin