Blog Details
2FA – Two-Factor Authentication at OmniOnline
We’re excited to let you know about a new service we are offering here at OmniOnline!
It’s called 2FA or MFA and stands for 2 Factor Authentication or Multi-Factor Authentication.
For simplicity’s sake we’ll just refer to it as 2FA form here on.
You probably already know what 2FA is ( since you likely already use it for many other applications).
But for those of you who would like a concise, video-based explanation to see what it is and how it works, watch this excellent explainer video (under 2 min) created by the Government of Canada.
Up until this point at OmniOnline we have relied on unique username/password combinations for our sites. If every one of our clients followed industry standards for usernames and passwords this would continue to be enough. But that’s just not the case. We’ve seen an increase in attempted hacks over the past few months and for anyone not using industry best standards, their sites have become vulnerable. Your site is only as secure as your weakest password. So you can see how this has become an increasingly important factor.
Check out NordPass’s list of the 200 most popular passwords in 2022.
Here are the top 10.
- password
- 123456
- 123456789
- guest
- qwerty
- 12345678
- 111111
- 12345
- col123456
- 123123
That’s right!
The most popular password in 2022 was still “password”! Can you believe it?
By far the most common type of attack against WordPress websites is called “Credential Stuffing”. This is when an attacker tries to guess multiple username and password combinations for a site based on data breaches and password lists they gain access to, and they probably know the top 200 passwords as well don’t you think?
When Admin Users reuse the username or password on your website that they use elsewhere, when they share those credentials through insecure methods (like emails) or when they simply have weak username/password combinations, it offers attackers an opportunity to acquire (or guess) those credentials and then it opens your website up to malicious activity.
While hacking activity goes far beyond Credential Stuffing, it is one of the easiest methods to stop.
The answer is 2FA.
Our excellent server-side security platforms already protect your site against other forms of attacks. But when a human attacker logs into your site with a legitimate username and password combination, our systems are unable to tell the difference between you and them.
That’s why we’ve decided to offer this extra layer of protection to our customers.
We also recognize not everyone wants this functionality forced on them. Perhaps you are the only Admin User on your website and you already follow industry standards like:
- Creating a strong password with a combination of 8 or more characters, digits, symbols
- Storing your password in only one place – a secure Password Manager application like LastPass.
- Changing your Password regularly
- Using a unique password for your website that you don’t use anywhere else
- Never sharing your password with anyone else
These are great practices and might mean that 2FA is not required for your business website. That’s fine and we’re happy to continue working with you and relying on your best efforts at keeping your username/password combination secure, alongside our industry-leading standards of AI-based server-side security measures.
For many others 2FA is a no-brainer. If you cannot control the username password combination that Admins logging into your website use, 2FA is for you!
The only downsides to 2FA are the Physical Costs and the Time Costs / Hassle.
The plugin provider and license level we have purchased offers excellent custom features such as disabling 2FA for trusted devices. This means if you are continually logging in and out of your website, you can set your devices to not require this extra security step. This alleviates much of the hassle leaving just a small monetary cost as the only remaining drawback. However, when compared with the average cost of dealing with a cyber attack/data breach, (estimated at $108,000 by this source) we think it’s a critical investment that most of our clients should be taking advantage of.
The cost of this extra layer of security will be a one-time setup fee of $50 per website and then an ongoing annual fee of $30/year for each user who wants 2FA enabled on your website. (A user is defined as someone who needs to login to your site to make edits, not someone who just browses your site).
For most of your clients or website traffic this increased layer of security will not even be noticeable. It won’t interfere with their ability to navigate your website and won’t slow your website down!
If you are interested in adopting increased security for your website (and we really think you should be) please get in touch with us today. We will work with you to install and setup the software, configuring it to your Administrators individual needs.
So give us a call today at 306-586-6118.
Or use our 2FA signup form so we can reach out to you.
Your Online Partners,
OmniOnline
