Identity has a foundational role to play in conducting business. It is important that your business information is in the hands of the individuals it is meant for, otherwise your data can be compromised. Currently, every organization is looking to modernize its technology, be it the acceleration of cloud adoption, digital transformation, or increasing online security, and as it is modernized, greater security is needed. Focusing on secure access and verifying identity is the key to succeeding in these projects and helping your organization thrive. Additionally, individuals are increasingly using dual-factor authentication to keep their own data private and protect their finances.

Now, authentication usually works the following way: when you sign into your work or web account, you are usually asked to verify that you are the owner of that account. Most of the time, you are asked for a username and password, credentials created upon initial sign-up of the account. But the truth is, providing a username and password does not prove who you are, especially since credential breaches are widespread nowadays. This is where dual-factor authentication comes into play.

What is dual-factor authentication?

Dual-factor authentication, sometimes referred to as two-factor authentication (2FA) or two-step verification, is a security process where users provide two different authentication factors to verify themselves. A commonly known dual-factor authentication practice, which you have most likely experienced, is entering a username and password, followed by receiving a code on your phone or email that you must enter in order to complete the login procedure. This provides greater security by ensuring it’s you logging into the account, rather than someone who has simply gained access to your password.

So, how does dual authentication work?

  • You will have to log in to the application or website you are using
  • The application or website will ask for the username and password
  • You will be prompted to initiate the second step login  
  • A one-time code will be provided to you either via text or email, which you will have to enter
  • Once you have entered the code, the authentication is complete, and access is granted

Factors of authentication

There are three main categories of possible factors that can be used in dual-factor authentication:

  1. Something you know: a piece of information that only you have knowledge of. You may be asked to input a username and password, and even answer some personal security questions.
  2. Something you have: an item that only you are in possession of. This may be an ID card, a security token, an email, a cellphone, a mobile device, or a smartphone app.
  3. Something you are: a biological factor. While still under development, this is centered on specific physical features that are unique to you and can be analyzed technologically to prove your identity, for example: fingerprints, retina scans, face identification, or voice recognition.

When should dual-factor authentication be used?

Anywhere there is a risk of identity attack or risk of someone posing as someone else for malicious purposes. Although storing data on the cloud is considered to be more secure than keeping it on-site, that does not guarantee security, unfortunately. Data stored on the cloud can still be vulnerable to online criminals, and each year, online criminals find new ways to get access to stored data. In order to fight this, adding layers of authentication can help keep business and personal data safe.  

Is dual-factor authentication as secure as it seems?

Dual-factor authentication improves security and makes it more difficult for hackers to access sensitive data. However, it is still vulnerable to attacks because criminals can bypass it if they have all the authentication factors. However, in nearly every case, two-factor authentication is an improvement over single-factor.

One of the biggest drawbacks of a two-factor authentication process is that it may not be flexible enough to meet today’s needs. Sometimes people lose their phones or don’t have immediate access to their emails, for example. Cybersecurity professionals are working on a multi-factor authentication system to make it flexible enough for all kinds of situations. This is the future of technology.

How can dual-factor authentication be abused?

Phishing: This is where a hacker will lure a user to a fake login page, by including a link in a text or email that otherwise appears valid. Once the user has entered their credentials, the attackers will use the details to log into the actual page of the website. This will trigger dual-factor authentication, and the user will be sent a code. Once the code is entered into the fake login page, the hacker will take the code and use it on the actual login page.

Password reset: This is done using a user’s already compromised email. Once a user forgets their password, a “forgot password” icon is used to reset it, which triggers a reset process via email. If the attacker has the user’s email credentials, they can use the ‘forgot password’ button on the account’s site, and reset the password, thereby gaining access to the account.

Third-party login: This involves already compromised third-party accounts. For example, some websites will give users the option of logging in using third-party accounts, displaying: “Login with your Facebook or Google account.” This option allows you to bypass dual-factor authentication. In this case, if a hacker knows the user’s Google or Facebook credentials, they can easily take over any accounts which use those credentials.

Advantages of using dual-factor authentication

  • Protects sensitive information
  • Assures consumer identity
  • Very easy to implement
  • Adds next-level security
  • Protects your lost devices

Disadvantages of using dual-factor authentication

  • It is time consuming
  • Added friction


As businesses become more technologically advanced and transition to cloud-based applications, it is now more important than ever to be vigilant and forward-thinking. The need for more complex authentication is increasing. We can help you with solutions to make it simple to secure your environment by identifying common points of vulnerability. We are excited by the idea of supporting you and/or your organization thrive in the world of technology.

Contact McCay Duff LLP in Ottawa for Experienced Financial Guidance

A skilled financial specialist can provide much-needed guidance and strategy to both businesses and individuals looking to avoid fraud and identity theft. If you would like to discuss strategies to better protect valuable business data or secure your own financial information, we can help. We also provide advice and guidance to maximize financial health for individuals and families, including safeguarding against identity theft.

The financial team at McCay Duff LLP in Ottawa will review your particular circumstances and recommend a plan to maximize wealth both now and in the future. To learn more about how we can assist you, please contact us online or by telephone at 613-236-2367 or toll-free at 1-800-267-6551.