Making the case for hardware 2FA in the enterprise

As attackers find ways around authenticator apps, hardware two-factor authentication makes a lot of sense.

Phishing and credential stuffing attacks are two of the biggest threats to any large organization, but two-factor authentication (2FA), especially hardware 2FA, is remarkably effective against them, mitigating such attacks by an order of magnitude or more.

A low- to moderately resourced attacker who successfully phishes an employee and steals their account credentials is going nowhere fast if that employee has hardware 2FA enrolled. Authentication will still require physical possession of the hardware 2FA token. Likewise, in cases of password re-use where an attacker tries a credential stuffing attack, that hardware 2FA token will come in mighty handy at fending off a huge chunk of the background attack noise of the internet.

Hardware 2FA is also considered significantly more secure than software 2FA (such as an authentication app on an employee's phone), not to mention cheaper to replace in the event of a lost or stolen phone.

Authentication apps no longer good enough?

Attackers are already finding ways to end-run around software-based 2FA. As veteran malware researcher Claudio Guarnieri recently observed, "Looking at the phishing campaigns @AmnestyTech Security Lab responded to and investigated in the last year, there hasn't been one which wasn't provided with at least some capability to bypass non-U2F multi-factor authentication." U2F, short for Universal 2nd Factor, is an open standard for hardware 2FA tokens.
