Two-factor authentication should be a staple

Johannesburg, 05 Dec 2017
Read time 3min 20sec

The tools for two-factor authentication have been available for about a decade and in an era of increasing cyber crime, fraud and identity theft, two layers of authentication at least should be a staple for security. But it is not. While some are already graduating to multi-factor authentication, an alarming number of companies rely on single factor authentication such as passwords exclusively.

"Cybercriminals are always cultivating new methods for accessing bank accounts, company information systems and other online services. Motivated by financial gain, hackers are and will continue to find ways to get their hands on peoples' credentials to gain access to user accounts and company systems. It's how they make their money. Companies need to move away from relying passwords only for authorising user access to their IT systems," says Lipsky Raseasala, an IT security consultant at Securicom, a leader in managed IT security solutions.

Two-factor authentication for verifying user credentials has been around for more than ten years. It's that extra layer of authentication or verification to prove who users say they are in order to access accounts and other resources. Single factor authentication can be a password, where most cases you need to enter the identity (username) and then the password to gain access. Second factor authentication involves an extra, identifying link to the person that belongs to that person alone, such as a body part, like an eye or finger print, or a device like a smartphone, laptop or hard tokens.

According to Raseasala, larger companies have added two-factor authentication to verify users accessing IT resources, especially for employees working remotely who require access to the servers via SSL (secure socket layer) VPN (virtual private network). Adding a second factor of authentication or verification adds an extra layer of security that makes it more difficult to gain unauthorised access.

However, small and medium sized businesses are lagging behind, leaving their IT systems vulnerable.

"The unauthorised access of systems using usernames and passwords is now commonplace. Major breaches have occurred in organisations that use only single factor authentication, where the credentials of a single user have been utilised to access company systems.

"As hackers hone their methods of attack, breaches are also happening within organisations that have implemented two-factor authentication. Hackers for instance are creating malware that is designed specifically to target tokens such as soft tokens popular on smartphones.

"Where unauthorised exposure of company resources would place a business at risk, such as for organisations that process and store sensitive information such as personal information, additional controls need to be incorporated to monitor and continuously authenticate users while they are accessing those resources," he explains, adding that layers such as device recognition, IP reputation, PKI certificates, geo-location, geo-fencing, group entitlements, access histories and behavioural biometrics can be added to check credentials and authenticate users. This is referred to as multi-factor authentication, something you have, something you know and something you are.

"Multi-factor authentication is certainly the way forward. However, any additional layers or controls that are added need to be integrated mindfully so as not to hamper productivity. It is also important to note that no two companies have the same access and security requirements. One size certainly does not fit all when it comes allowing users' access to information resources.

"If you are in doubt, consult with qualified, outsourced IT security providers who will be able to assess your security requirements and advise on a two-factor or multi-factor authentication process that will allow you to effectively manage risk and user productivity at the same time," concludes Raseasala.


Securicom is a leading managed IT services vendor in Africa, with global presence. It is one of a handful of local vendors to offer an end-to-end range of fully managed IT security services for the cloud, from the cloud. Its consumption-based services are available through a select partner network in Africa.

Securicom's holistic suite of solutions provides comprehensive weaponry and proactive defence against the host of threats that afflict businesses today from endpoint protection, managed firewalls, and advanced Fortigate reporting, to WAN and LAN optimisation; e-mail content management, and mobile device management.

Solutions are packaged to harness the capabilities of best-of-breed technologies including Symantec Brightmail, Riverbed, Fortinet, logMojo, and XenMobile. Solutions are hosted upstream at Securicom's highly-secure, local data centres.

Securicom has offices in Johannesburg, Cape Town and Namibia; and offers its services in 10 other African countries. For more information on Securicom, please visit

Editorial contacts
PR Talks Mandy Prowse (+61) 41 392 1374
Securicom Kerry Webb (082) 496 0713
Login with