Companies Should Mandate Two-Factor Authentication, Says Head of National Cybersecurity Alliance

Lenovo, Facebook and Microsoft sit on board of non-profit group led by Interim Executive Director Lisa Plaggemier.

Companies Should Mandate Two-Factor Authentication, Says Head of National Cybersecurity Alliance
Photo of Lisa Plaggemier from the SANS Institute

WASHINGTON, February 8, 2022 — The interim executive director of a non-profit that has on its board members from Lenovo, Facebook, Microsoft and a number of other prominent tech firms said that companies should mandate two-factor authentication.

Lisa Plaggemier of the National Cybersecurity Alliance, which advocates for cybersecurity across the country, made the comment at an event hosted by Axios Media on Tuesday.

Companies that use logins will sometimes use two-factor authentication as an extra step to verify the person logging on. If companies mandate two-factor authentication, like Plaggemier suggests, she concludes that more vulnerable populations will be safer on the internet.

The Biden administration is currently grappling with the need for cybersecurity legislation in the U.S, in the wake of a number of breaches, including financial investment app Robinhood, in which the stock trading investment app lost the data of more than 7 million customers. SolarWinds, a software development company, experienced a similar event in February 2021. Oil transport company Colonial Pipeline, and meat producer JBS have also experienced similar attacks.

Plaggemier’s statement is relevant considering the partnership between the NCSA and the Cybersecurity and Infrastructure Security Agency under the U.S. Department of Homeland Security. In the past the NCSA and the CISA have worked together to promote cybersecurity safety month throughout October.

For companies that may not want to make two-factor authentication a requirement, Plaggemier suggests that companies should still communicate with their customers about the possibility.

“If you do make it a choice, hiding it deep within your security settings is not the easiest way to help people find it [two-factor authentication]. Communicate with your customers about security.”

That said, Plaggemier predicts that by communicating the safety two-factor authentication presents, customers will actually have more trust in their companies. Plaggemier recommends that companies send out helpful tips to customers that highlight ways to stay safe on particular platforms or websites as a way to help the company itself benefit.