Hackers can easily use stolen usernames and passwords to conduct cyber attacks because many online accounts still don’t use two-factor authentication controls designed to help keen them safe.
Two-factor authentication (2FA) – or multi-factor authentication (MFA) as it’s alternatively known – is one of the key methods which individual users and wider organisations can use to help protect their online accounts from being hacked, even if their login credentials have been leaked or stolen.
However, according to the DCMS Cyber Security Breaches Survey 2022, only around third of organisations have any requirement for two-factor authentication on user accounts – the figure stands at 37% for businesses and 31% for charities.
That means that around two thirds of organisations don’t have any rules around two-factor authentication at all, so employees are unlikely to be using it, leaving their user accounts vulnerable to cyber attacks and hacking.
Two-factor authentication creates an additional layer of protection, requiring users to use a text message, app or hardware key to confirm that it’s really them attempting to login to their account. This can help to stop cyber criminals from logging into online accounts with breached or stolen passwords.