GetApp Lab

Is your cloud app one step away from a security meltdown?

Two-factor authentication (also known as 2FA or two-step authentication) could be the reason your disgruntled ex-employee didn’t ruin your business after they left. Or, conversely, perhaps the lack of 2FA meant that they royally screwed with you.

Not sure what it is? If you’ve ever had to access your Gmail account with a numerical code texted to your phone, or needed a number generated on a little plastic device (known as a token) to check your bank account, you’re familiar with two-factor authentication.

It’s not limited to the B2C world, though. Business technology journalist Sholto MacPherson said in the Q2 GetRank Report: Accounting in the Cloud: key trends in 2015 that accounting applications are at risk because they don’t use two-factor authentication. He said, “The biggest weakness in online accounting software is the lack of two-factor authentication, where users sign in with a passcode on their smartphone as well as a password.”

What exactly is two-factor authentication?

Most digital stuff is accessed via password. As humans are fairly predictable creatures, passwords can be easily guessed. This is confirmed by SplashData, which annually publishes its worst password list. To put it simply: your password of “123456” is not going to protect your data. Two-factor authentication solves this problem.

The simplest way to think about it is that 2FA puts an extra barrier in front of your personal data (bank account, Facebook page, etc.) by requiring an extra step in the login process. Examples of that extra step (as mentioned) include an extra password or PIN, an electronic accessory, or something biological such as a fingerprint.

Although it’s not the perfect solution for securing your apps and data (nothing is), it could be the first line of defense that saves your company from losing cash and sensitive data.

As mentioned earlier, two-factor isn’t just limited to your Gmail account or Twitter handle; it’s also a critical implementation in business apps. I asked FinancialForce’s Director of Platform Technology Kevin Roberts (pictured below) about two-factor authentication and its implications regarding accounting applications and business apps in general.

GetApp: Why is it important for accounting apps to utilize two-factor authentication?

Kevin Roberts: I think two-factor authentication is essential for all business apps accessed over the public internet. We’ve simply seen too many high-profile examples of security breaches where systems were accessed simply through gaining access via simple username/password access. Two-factor authentication makes life much more difficult for the determined hacker or disgruntled ex-employee, and is now well established as a recommended best practice. It’s not a 100% guarantee of protection, but something all businesses should look for as a fundamental access control mechanism.

GA: Why has there been a hesitancy in adopting it?

KR: Well, first of all, if you had to build the authentication method yourself, it’s much harder to do than purely software development, as you’ve now got physical devices involved to provide the second authentication method.

That’s not easy to build, test and maintain. Of course, it’s much easier to achieve if you’ve chosen to run your business apps on a cloud platform that supports this as an inherent built-in capability. I think a second reason for hesitancy is some perception that it’s harder or slower for the users to login, but again, modern methods provide a very efficient end user experience.

GA: What sort of benefits/drawbacks are there to using two-factor authentication?

KR: The benefits of ensuring tighter security and reducing risk of serious data security incidents are clear, both from a financial perspective (major security issues can be hugely expensive to recover from) and also a customer confidence perspective. While clearly, insistence on two-factor authentication for key business systems may force a business to re-tool, I think nowadays that should be considered simply an expected cost of doing business.

GA: What are some factors, in terms of security, that you would recommend people look out for when choosing accounting software?

KR: When evaluating applications and platforms to run applications, you need to take a broader view of all the capabilities of managing, monitoring and auditing user access. Yes, user authentication is key, and as we’ve discussed, two-factor authentication is an essential component, but also look at what tools the application provides to report on user logon history. Also look at the inherent audit trail capabilities to track actions performed in the application once a user has logged in. Nowadays, we are seeing auditors taking a close look at changes made to security profiles – tracking of that type of activity needs to be baked into your applications.

Note: It’s possible to compare security specs for some apps on our software comparison pages.


Matt Mullarkey-Toner: Matt is a writer at GetApp covering security, BYOD, and IoT. Prior to GetApp, he spent five years working for various news organizations in the United States and UK, before spending a year writing about mobile applications. His interests include cooking, the NBA, and rattling off trivial factoids.