User permissions and two-factor authentication are a vital element of a secure security infrastructure. They can reduce the chance of malicious insider activity or accidental data breaches, and ensure compliance with regulations.

Two-factor authentication (2FA) requires a user to input credentials from two different categories to sign into an account. This could be something that the user knows (passwords, PIN codes security questions), something they possess (one-time verification code sent to their mobile or an authenticator application) or something they are (fingerprints facial or retinal scan).

Often, 2FA is a subset of Multi-Factor Authentication (MFA) that has more than two. MFA is a requirement in certain industries such as healthcare as well as e-commerce and banking (due to HIPAA regulations). The COVID-19 virus pandemic has also increased the importance of security for businesses that require two-factor authentication.

Enterprises are living organisms, and their security infrastructures are always changing. Users have roles that change and capabilities of hardware are changing and complex systems view are accessible to users. It is important to review your two-factor authentication process at scheduled intervals to make sure that it can keep up with the changes. Adaptive authentication is one way to achieve this. It’s a kind of contextual authentication, which creates policies based on timing, location and the manner in which the login request is handled. Duo provides an administrator dashboard centrally that allows you to easily monitor and manage these types of policies.