Some say that the price tag associated with integrating a two-factor (2FA) solution is far too expensive and not worth implementing unless it is required due to a regulation or breach. But what if this cost was looked at as more of a necessity than an extra cost? I challenge you to consider looking at 2FA costs as more of the cost of doing business and less as a precaution.
Putting it into perspective
Let’s put this into perspective. When building a house, you know that you need to protect your home and understand that door locks for any exterior doors of your new home should be installed. When looking at all of the different types of locks available, you decide that there is too many to choose from and none of them really strike your fancy. Also, they all seem to range from $10-$300 for an intricate fingerprint scanner.
Since you are so overwhelmed and were told that you are building in one of the safest neighborhoods in town, you decide to forgo putting door locks on the house and spend the money on upgrading the locks on your windows.
You justify this spending because your house has more windows than doors, so you figure someone is more likely to try and pry one of those bad boys open than walk through the front door. The front door seems too obvious for someone to break in through, and besides you live in one of the safest neighborhoods right?
Although this does increase the security of your home, this also provides you with a false sense of security and still leaves you vulnerable.
Making the connection
Let’s look at your company, you have information that you need to protect right?
Of course you do. So you are given the challenge to “protect and serve” that information, much like the police protect and serve your town and keep the residence safe.
You know that you need protect the data from getting into the wrong hands and there are a few different entry points that they can access that data. You understand how 2FA works and the benefits of protecting your information in this manor, but you look at all of the options available and the price tags and think it is simply too expensive to implement. So you decide the best way to protect your information is to spend more money on anti-virus software instead.
Just like spending more money on the window locks, this does increase security but can also provide a false sense of security and can still leave you vulnerable.
Looking beyond initial cost
You may consider the initial buy-in cost of 2FA to be very high and not worth the investment, but what about when and if something happens?
As a good friend and mentor once said to me; “There are two types of companies, ones that have been breached and those who don’t realize they have been yet.”
There have been so many instances lately that have demonstrated the need for stronger authentication and security. Companies outside of the United States are on the hunt for vulnerable organizations that have great ideas and trade secrets that they can leverage for their own financial gain. Large retailers and financial institutions have fallen victim to identity theft incidents that have left unforeseen scars on their brand image.
These companies had security measures in place, however they were simply not enough to protect them from such attacks. Perhaps if they took a closer look at their security measures they would have considered adding more security solutions, like 2FA, to their environment this could have been prevented.
Is there a need for the cost to be so high?
The simple answer is no.
In the modern authentication marketplace, there are many different solutions to choose from for a two-factor authentication methods. There is no need to spend hundreds of thousands or even tens of thousands of dollars to protect your environment with 2FA, like RSA’s SecurID. There are cost effective solutions that can allow you to achieve the stronger authentication you need that have little to no per-user costs and also do not use tokens that carry expiration dates.
These solutions include BIO-key’s PortalGuard, which offers 10 different two-factor one-time password (OTP) delivery methods and also allows you the flexibility operate with more than one method within your environment.