Did you know you can create a 2-Factor Authorization (2FA) process in Infusionsoft, using some fairly basic tools built into the Campaign builder? Recently we built a 2FA process for a client of ours who wanted to be extra certain that the folks accessing their content were the intended users. In this two-part blog post, we’ll explain how to build your own Two-Factor Authorization process, but first, it’s probably worth talking a little about what 2FA is and why you might want to use it.
Why use Two-Factor Authorization (2FA)?
The first question you’re probably asking is why you need something like 2FA. Isn’t that what passwords are for, anyway? There’s so much you can do online these days (and we can help your customers do it all!) but there are certain situations where an extra layer of security is warranted. Passwords provide some protection, but they’re not perfect, for a few reasons.
The more accounts your users have online, the more likely they are to recycle passwords they've used on another site. While systems try to demand more and more complex passwords, in reality, users want to use a password that is simple and easy to remember. In 2017, researchers from the security firm 4iQ found a database of 1.4 billion usernames and passwords that had been leaked on the internet, and an astonishing number of these are painfully simple strings like "123456," "password," or "111111."
A 2FA process helps keep your users secure by giving them a simple way to access their online account and prove they are who they say they are. First, they'll provide their username and password. Then, instead of getting access right away, they'll be asked to provide a secondary detail to confirm their identity.
Generally, these details can come in a few different forms:
- Something only the user would know. This is something like a PIN, a secret question, or a secondary password.
- Something only the user could have on them. This is something like their smartphone, which can be authenticated.
- Something you are. These advanced 2FA methods are things like fingerprint or iris scans, and a little beyond the scope of what we’re doing today, but it’s always good to know the possibilities!
The idea of two-factor authorization is that just one of these things being compromised won't provide access to the account. So if your phone is stolen, you would still need the password. If your password is exposed, you still have to provide a secondary PIN. It helps the user and those running the website make sure that each user's information is kept secure.
Next week, we’ll talk about HOW to create a 2-factor authorization process in your Infusionsoft application. See you then!