cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Two-Factor Authentication and Why it Matters for Public Sector Organizations

Level 13

Here’s an interesting blog that looks into the importance of two-factor authentication for the public sector as digital crime increases.

“It won’t happen to me” can be naïve, and perhaps even irresponsible, in an era that sees digital crime grow each day.

Awareness Through Education

Google has done much to elevate online security awareness. Most account users will be familiar with its 2-Step Verification process, designed to make it much harder for hackers to gain access to files and information. Known generally as Two-Factor Authentication (2FA), this additional layer of security requires not just a username and password, but also something that is completely unique to that user, whether it be a piece of information or a physical token. It’s based on the concept that only those users will achieve access based on something they know (knowledge) and something they have (possession).

Leading by Example

In a public sector context, data sits at the heart of organizations, in an environment shaped by stringent data regulations and growing security threats. As such, a renewed emphasis has been placed on expanding the use of strong multifactor authentication that’s resistant to attack, particularly for systems accessed by the public. Two years ago, the U.S. government launched a Cybersecurity National Action Plan (CNAP), which included mandatory two-factor authentication for federal government websites and government contractors.

The Local 2FA Landscape

From a U.K. perspective, a growing number of government agencies are deploying encryption to help secure critical information properties. For example, the Code of Connection (CoCo) and public services network (PSN) frameworks recommend that any remote or mobile device should authenticate to the PSN via two-factor authentication. The uptake in two-factor authentication processes in public sector organizations is rising, with some vendors delivering authentication-as-a-service that can be used to authenticate cloud applications, infrastructure, and information.

Better Security = Peace of Mind

Two-factor authentication provides reassurance for both users and system administrators. Biometric authentication, such as a fingerprint, is becoming more common and can be used in diverse systems such as websites, enterprise applications, and secure thumb drives.

The Practical Way Forward

Organizations will need to ensure that their back-end solutions are designed and in place to support the technology and work properly for system users. Thought also needs to be given to education and awareness when introducing new authentication systems. It could become overwhelming, particularly when considering that many public sector organizations may have only recently started to develop a digital transformation strategy. In the NHS space, for example, just 24% of trusts and Clinical Commissioning Groups (CCGs) have begun to develop strategies.

Processes such as cloud adoption and 2FA are all part of the same digital transformation journey, and having the appropriate government cybersecurity tools to manage each of these components can go a long way towards helping public sector organisations understand what is needed to best support them and their publics. Striving for more secure authentication systems that provide far more confidence in the identity of both end users and systems administrators is a great example of this, and is why it matters.

Find the full article on Open Access Government.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

15 Comments
Level 14

Thanks for the article!

Level 14

We are just turning on 2FA for e-mail and some web based apps.  Users are really confused even though they have been given plenty of notice and documentation.

Level 13

Thanks for the post.  2FA is definitely becoming a requirement for authentication systems.

Level 13

Thanks for the article. We have some different flavors of 2FA. some are less confusing than others. They've had to add hints on the screen to make some of them usable for the non technically minded. I say non technically minded but without some of the hints I'd struggle too as as second factor is on different page to first factor with a different user-id. You need the hint to know which page you are on.

I've used MFA for a seemingly long time, and am quite impressed, perhaps even unnerved, at how quickly a session requiring a second form of authentication alerts my smart phone.  I have on-site in-LAN applications that don't react as quickly as my two MFA applications do, and MFA not only has to work internally--it must also get out to the Internet and send my cell phone a message via WiFi.  Amazing. 

And it's not tongue in cheek, either.  I honestly don't understand why my internal apps perform more slowly than MFA which relies on the same internal network PLUS the Internet and cell phone towers and cell signal.

I am a huge advocate for multi factor authentication, however I see that for many users it seems to be too complicated. They just refuse to learn the concept and see the benefits. I hope with the latest data breach here in Germany, MFA gets some more attention.

Level 16

Thanks for the write up!

MVP
MVP

2FA tends to get a lot of push-back from users and very often management. There's the fear of that added "complexity" and less convenience. However, having worked in multiple environments that utilize 2FA it's really a pretty quick learning curve and people adapt to it very quickly. In sales you are taught to sell the "sizzle" not the steak. This is a bit harder in something like this because there isn't any sizzle it's about security and "insurance." I'd like to hear people thoughts on how they have presented this to management and won over those that were reluctant.

MVP
MVP

Nice write up

Level 20

I think the new continuous multiple factor the DoD is working on is really neat.  One of the main factors is your gait.

Level 13

Two-factor on everything

Level 14

Still working on implementing this

Level 15

Great article thanks for posting.  We too are in the early stages of reviewing 2FA.

Level 12

twu factor ia great way to increase security.

MVP
MVP

Good information. I've taken to using 2FA for my personal accounts - email/Amazon/etc. Like many I don't feel like I have a lot that people would want to steal specifically, but the whole identity theft thing is a big concern.