Extract from Marcin Święty’s article “Why Trusting 2FA Today is Critical to Your Organization’s Long-Term Security Goals”
The average office worker typically receives ~121 emails per day. And while most companies have email tools set up to filter out spam and malicious links, they don’t catch everything.
Email spoofing, where a threat actor “spoofs” a fake sender email address to impersonate a trusted person or company (like “relatlvlty[.]com”), is an increasingly common tactic threat actors use to bypass these security measures. They seek to create a false sense of security for employees, often leading to compromised user and company login credentials—which are then used to carryout out data exfiltration and data breach activities.
Two-factor authentication (2FA) is a quick and efficient way to break this chain of attack by adding a second layer of security to the user login process. Simply put, 2FA makes sure that you are who you say you are by requiring a second step of authentication beyond a password, typically done by entering in a code delivered to you via SMS text or email.
In the current age, where passwords and credentials are easily stolen and sold on the dark web, having a second step to verify and authenticate your identity when accessing online accounts and portals is critical to ensuring you stay secure online. So why isn’t this simply the norm whenever we work with and access private, confidential, and proprietary data?
