In 2016 alone, more than 2.2 billion records were exposed in data breaches. Using password-based authentication with a good hashing scheme like bcrypt is perfectly fine as long as you can guarantee that your users won't choose easy-to-guess passwords or reuse passwords across many portals. Both of these assumptions turn out to be wrong in a substantial number of cases, however. There are ample reasons to require multi-factor authentication. Other than asking your employees and users to use a password manager, here are five strategies that a business can use to protect itself (note that SMS as a second factor is not recommended because of its serious security implications):
This is the second most common way of providing multi-factor authentication (after SMS). HOTP and TOTP are one-time-password strategies that generate a secret code to be entered by the user to log in. This secret code has a time-based expiry (with TOTP; HOTP derives the code from an incrementing counter instead, so a code is invalidated when the next one is used). The code is presented to the user by an already enrolled application installed on the user's mobile device. Google Authenticator is an example of one such application. Note that any application that supports HOTP/TOTP can be used to log in to multiple services; you do not need a new application for each service.
Read More on Datafloq