Before you let passwords and two-step login be the security controls you rely on the most, remember bad actors can altogether bypass the login if they take control of users’ computers.
Think of buildings that have locked doors. If an employee lets a stranger tailgate and walks through the door behind your employee, the stranger doesn’t need a key or a badge.
It is the same with passwords. If an attacker is dwelling in a computer, the attacker waits for the user to log in, and now the attacker’s in too, even though they didn’t need to know the password or have a token, a text message, or anything else.
So don’t believe that having great authentication is the primary protection for your organization. Protect the computers from being compromised by managing security updates, restricting local user privileges, having IT security audits, and the other recommendations in the blog on our website, including this one fosterinstitute.com/executives-five-key-cybersecurity-steps-to-protect-your-organization-and-the-vital-timing/
Please forward this to your associates so that they know passwords and two-step logon are essential to have, and they are not enough.