Basically, the idea behind 2FA is to require, in addition to the password, a second verification to strengthen the security of your accounts. This verification can be a code generated by applications such as Google Authenticator, a physical security key such as Yubico, a code sent to your cell phone, an email, or even a fingerprint.
With so many digital threats on the rise, MasterBase® actively utilizes and promotes the use of two-step authentication to protect both its customers and users.
You can see in detail our article "MasterBase® increases access security with two-step verification"to learn more about our 2FA/MFA.
But what does this look like in real life?
Here we outline specific cases of companies using this mechanism and the benefits they have seen from implementing it, as well as cases of other organizations that unfortunately had to face the consequences of not having implemented 2FA in time.
Real cases of 2FA use and its benefits
-
Google and the protection of employee accounts
Google has been a pioneer in adopting innovative security measures to protect its systems and the privacy of its users.
As of 2017, Google forced all of its employees to use physical security keys to access its internal systems.
Since then, the company reported that they have not had a single case of phishing or compromised accounts.
BenefitBy requiring a second hardware verification, Google was able to reduce to zero phishing incidents among its employees, who were frequent targets of attacks. This showed the business world that a measure as simple as 2FA can drastically reduce security breaches.
-
Dropbox and the implementation of 2FA for its users
Dropbox, the famous cloud storage platform, incorporated 2FA after a security incident in 2012, when a group of hackers managed to compromise millions of accounts. Although this incident affected both employees and users, Dropbox implemented 2FA to make access to accounts more secure.
BenefitWith two-step authentication, Dropbox improved its reputation and regained users' trust. It also minimized the risk of future attacks, increasing the overall security of the system, which today allows millions of users to store their documents securely.
-
Bank of America and the protection of financial transactions
In banking, Bank of America has implemented two-factor authentication as a security standard for online transactions and access to sensitive accounts.
While the banking sector has always handled extremely sensitive data, the implementation of 2FA helped to significantly reduce the number of fraudulent transactions.
BenefitBank of America experienced a sharp decrease in fraud attempts. Customers also feel more confident knowing that their money and personal data are better protected, which has strengthened the bank/customer trust relationship and improved customer retention.
Real cases of companies that did not implement 2FA and their consequences
-
Twitter (2020)
In July 2020, Twitter suffered a massive attack in which several high-profile accounts (including those of Elon Musk, Barack Obama and companies such as Apple) were hacked to promote a cryptocurrency scam.
It was revealed that the attackers gained access to the accounts by taking advantage of internal tools and the lack of multi-factor verification in some cases.
ConsequenceIn addition to the financial loss and exposure of high-profile accounts, the attack severely damaged Twitter's reputation. The company was forced to review its security policies and has since stepped up two-step authentication measures to prevent future incidents of this magnitude.
-
Colonial Pipeline (2021)
In May 2021, Colonial Pipeline, one of the largest oil and gas companies in the U.S., was the victim of a ransomware cyberattack.
The attackers gained access to the system with a vulnerable password and without two-step authentication, which allowed the hackers to crash the systems and disrupt the fuel supply.
ConsequenceThe attack had a massive impact, not only for the company, but also for the country, as it caused a temporary fuel shortage. Colonial Pipeline had to pay a ransom of $$4.4 million to regain access, and the incident led to a reform of its security policies, which ultimately resulted in the implementation of 2FA.
3. CNA Financial Corporation (2021)
In March 2021, CNA Financial, one of the largest insurers in the United States, was the victim of a massive ransomware attack.
The attackers managed to infiltrate your system through an account that did not have two-step authentication.
This allowed cybercriminals to access critical internal networks and spread ransomware, resulting in the encryption of several systems and sensitive data.
Consequence: CNA Financial had to pay a ransom of approximately $40 million to regain access to its systems. In addition to the direct financial impact, the company's reputation was severely impacted by not having basic security measures such as 2FA in certain accounts, which made it easier for attackers to gain access. Following the incident, CNA implemented 2FA on all user accounts and strengthened its cybersecurity policies to prevent future attacks.
The importance of adopting 2FA today
Two-step authentication is now a necessity, not a luxury. Cyber attacks are constantly evolving and are increasingly focused on taking advantage of users' naivety or lack of attention.
Companies such as Google, Dropbox and Bank of America have already demonstrated the benefits of its implementation, while Twitter, Colonial Pipeline and CNA Financial Corporation suffered the consequences of not having 2FA in place at the time.
Implementing 2FA helps minimize the risk of your accounts being breached, as attackers will need not only your password, but also access to the second factor, which is usually on your personal device.
This is crucial for both businesses and users, who are increasingly facing online threats.
At MasterBase®, we are committed to the safety of our users.s. Moreover, we promote and use two-step verification to protect access to our platforms.
Each time a user logs in, they must confirm their identity with a second layer of authentication, which ensures an extra level of protection.
