Forums Community Two factor authentication Reply To: Two factor authentication

#14694 Reply

Gbatts

Svante – I appreciate the distinction between authentication and encryption.  The use-case we’re trying to protect against in asking for 2FA is a user’s password being compromised.  No matter how good the encryption is once an attacker obtains the users password they’re in.   Think of an average medium sized business with remote access.   A user’s password is compromised; the attacker uses that to gain remote access to company’s network or some cloud resource.  They encounter an AxCrypt encrypted file (must be good stuff, its encrypted).  The user (of course) uses the same password for AxCrypt.  Easy peasy, decrypt the file using the same compromised password.  With 2FA in place, when the attacker attempts to get access to AxCrypt they would effectively be blocked from gaining access to the sensitive data (not to mention the user getting a message on their cell phone alerting them that something’s up). Authentication in this case ensures the file is only decrypted by the owner.

Listen to your users.