A cyberattack against JPMorgan Chase last summer, which affected 76 million households, could have been prevented by a simple security fix, experts say.

Had JPMorgan Chase implemented TWO-FACTOR AUTHENTICATION on all of their servers, the breach would likely not have occurred.  From Dealbook at the New York Times:

“Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.”

Two-factor authentication adds a second layer of authentication to login procedures, beyond the username/password combination. This second layer makes it considerably more difficult for hackers to remotely access your data.

Two-factor authentication can be established in many ways, but the basic principle is to combine (1) SOMETHING YOU KNOW (like a username/password combination) with (2) SOMETHING YOU HAVE (like a key fob, mobile phone, or biometric fingerprint).

Tier1Net recommends implementing two-factor authentication on all publicly accessible remote access portals. The SonicWall SRA appliance leveraged by many Tier1Net customers has this capability bundled into its standard operating system. This feature, known as ONE-TIME PASSWORD or OTP, works by challenging an authenticated user with a request for a second password. The second password is sent from the device to the user via text message. Upon each subsequent login, the user will receive a different one-time password for access.
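The challenge-and-verify flow described above can be sketched as follows. This is an added example, not SonicWall's or Tier1Net's code; the class name, six-digit code length, five-minute lifetime and three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OtpChallenge:
    """Server-side state for the second-factor step of a login (hypothetical helper)."""

    def __init__(self, ttl_seconds=300, max_attempts=3, digits=6, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._digits = digits
        self._clock = clock
        self._pending = {}  # username -> [code_hash, expires_at, attempts_left]

    def issue(self, username):
        """Call only after the password check succeeds; returns the code to send by SMS."""
        code = f"{secrets.randbelow(10 ** self._digits):0{self._digits}d}"
        digest = hashlib.sha256(code.encode()).digest()
        # Overwrites any earlier challenge, so only the newest code is valid.
        self._pending[username] = [digest, self._clock() + self._ttl, self._max_attempts]
        return code

    def verify(self, username, submitted):
        """True exactly once for the right code; expired, exhausted or replayed codes fail."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False
        entry[2] = attempts_left - 1  # count the guess before comparing
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):  # constant-time comparison
            del self._pending[username]  # single use: a replayed code fails
            return True
        return False
```

A deployment would pass the value returned by `issue` to its SMS gateway and keep it out of logs.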

Recently, Tier1Net has been implementing all new SonicWall SRAs with this secure configuration by default, and strongly recommends enabling it for all production appliances currently configured for single-factor authentication.

Thanks and Happy Holidays!



Read More: http://dealbook.nytimes.com/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/