Over the past few years we have watched in awe as site after site has fallen to hackers. From Yahoo’s huge 500MM compromised accounts to LinkedIn and Adobe’s major data breaches, we are witnessing the results of poorly architected security and a seemingly lax approach towards user security. Beyond major data breaches, we have been seeing recycled password attacks on sites ranging from GitHub and Carbonite to Business Insider and Spotify.
The culprit in all of these attacks was a single “re-used” password that was stolen, or pulled, from a previously compromised database. Using a single re-used password, hackers can gain access to email, bank accounts, and even your SMS messages (provided online with a minimum of security by Verizon and AT&T), allowing them to escalate their access and subversiveness.
Being breached in this manner can happen to any person at any company, especially since it’s next to impossible to ensure that employees never re-use a password.
But it comes down to this: if you are relying solely on the strength of your employees’ passwords for your security, you will get hacked.
At Authy, we’ve had numerous and lengthy discussions about the state of online security and how we can do even more to help. Over the past few years, we’ve assisted many of our larger customers in efforts to deploy two-factor authentication (2FA) to their VPN using a proprietary plugin developed at Authy. But after looking at the bigger picture, we decided that it is more important to let anyone, and everyone, take advantage of it. So today we are open sourcing our OpenVPN 2FA plugin.
This plugin is extremely powerful
First, it supports any authentication method you use, whether it’s signed certificates, PAM, LDAP or something custom. You can also use any of Authy’s authentication methods: one of our dedicated apps, SMS messages, or phone calls. We can also provide dedicated hardware tokens even if you just need a single one. Combine this with Authy SSH and you have all your end-points covered. There’s no longer any excuse to rely on passwords alone.
We know that when you have a startup, growth is the #1 priority, as it should be. But having heard from many startups after they’ve been hacked, we know how devastating a breach can be for the business.
Our advice? Spend just one day adding 2FA to all of your endpoints and vastly increase your security.