Blog Details

right_shape
Home | Blog | OmniOnline News | 2FA – Two-Factor Authentication at OmniOnline
img

2FA – Two-Factor Authentication at OmniOnline

Business & Websites | OmniOnline News

We’re excited to let you know about a new service we are offering here at OmniOnline!
It’s called 2FA or MFA  and stands for 2 Factor Authentication or Multi-Factor Authentication.
For simplicity’s sake we’ll just refer to it as 2FA form here on.

 

You probably already know what 2FA is ( since you likely already use it for many other applications).
But for those of you who would like a concise, video-based explanation to see what it is and how it works, watch this excellent explainer video (under 2 min) created by the Government of Canada.

 

Up until this point at OmniOnline we have relied on unique username/password combinations for our sites.  If every one of our clients followed industry standards for usernames and passwords this would continue to be enough.  But that’s just not the case.  We’ve seen an increase in attempted hacks over the past few months and for anyone not using industry best standards, their sites have become vulnerable. Your site is only as secure as your weakest password. So you can see how this has become an increasingly important factor.

Check out NordPass’s list of the 200 most popular passwords in 2022.
Here are the top 10.

  1. password
  2. 123456
  3. 123456789Hacker spam 2FA MFA Protecting your website
  4. guest
  5. qwerty
  6. 12345678
  7. 111111
  8. 12345
  9. col123456
  10. 123123

 

That’s right!
The most popular password in 2022 was still “password”!  Can you believe it?

By far the most common type of attack against WordPress websites is called “Credential Stuffing”.  This is when an attacker tries to guess multiple username and password combinations for a site based on data breaches and password lists they gain access to, and they probably know the top 200 passwords as well don’t you think?


When Admin Users reuse the username or password on your website that they use elsewhere, when they share those credentials through insecure methods (like emails) or when they simply have weak username/password combinations, it offers attackers an opportunity to acquire (or guess) those credentials and then it opens your website up to malicious activity.

While hacking activity goes far beyond Credential Stuffing, it is one of the easiest methods to stop.
The answer is 2FA.  

Our excellent server-side security platforms already protect your site against other forms of attacks. But when a human attacker logs into your site with a legitimate username and password combination, our systems are unable to tell the difference between you and them.

 

That’s why we’ve decided to offer this extra layer of protection to our customers.

 

We also recognize not everyone wants this functionality forced on them. Perhaps you are the only Admin User on your website and you already follow industry standards like:

  • Creating a strong password with a combination of 8 or more characters, digits, symbols 
  • Storing your password in only one place – a secure Password Manager application like LastPass.
  • Changing your Password regularly
  • Using a unique password for your website that you don’t use anywhere else
  • Never sharing your password with anyone else

 

These are great practices and might mean that 2FA is not required for your business website. That’s fine and we’re happy to continue working with you and relying on your best efforts at keeping your username/password combination secure, alongside our industry-leading standards of AI-based server-side security measures.

For many others 2FA is a no-brainer.  If you cannot control the username password combination that Admins logging into your website use, 2FA is for you!

The only downsides to 2FA are the Physical Costs and the Time Costs / Hassle.
The plugin provider and license level we have purchased offers excellent custom features such as disabling 2FA for trusted devices. This means if you are continually logging in and out of your website, you can set your devices to not require this extra security step.  This alleviates much of the hassle leaving just a small monetary cost as the only remaining drawback. However, when compared with the average cost of dealing with a cyber attack/data breach, (estimated at $108,000 by this source) we think it’s a critical investment that most of our clients should be taking advantage of.

 

The cost of this extra layer of security will be  a one-time setup fee of $50 per website and then an ongoing annual fee of $30/year for each user who wants 2FA enabled on your website. (A user is defined as someone who needs to login to your site to make edits, not someone who just browses your site).

For most of your clients or website traffic this increased layer of security will not even be noticeable. It won’t interfere with their ability to navigate your website and won’t slow your website down!

If you are interested in adopting increased security for your website (and we really think you should be) please get in touch with us today.  We will work with you to install and setup the software, configuring it to your Administrators individual needs.

OmniOnline now offer 2FASo give us a call today at 306-586-6118.
Or use our 2FA signup form so we can reach out to you.

Your Online Partners,
OmniOnline

 

Related Posts

Blog | Business & Websites

Elevating Your Business in the Digital Age

Read More
OmniOnline Blog Featured Image - Time to refresh my website
Blog | Business & Websites | OmniOnline News

Refreshing My Website – When is the right time?

Read More
Start Fresh with a New Website After COVID
Business & Websites

Start Fresh – With a New Website Partner

Read More

Recent Posts

Categories

Support You Can Count On

We pride ourselves on offering top-notch service to the businesses we partner with. Because in the online industry, service and support aren't nice to have, they're critical.

We're here - Lets Talk