At Files.com, we believe that Two-Factor Authentication is the easiest and most effective security control your company can implement.
Two-Factor Authentication hardens against several security weaknesses inherant in accessing a system using only a username and password.
First, even though users are often trained to use unique, random passwords, and not to reuse passwords, it’s rare that this actually happens. Most users use simple, guessable passwords, or reuse those passwords across multiple sites.
With Two-Factor Authentication, users are requried to input their password, plus an additional factor in order to login. This prevents a password leak or bad password from allowing a bad actor to gain access to your system.
Second Factor Methods
Files.com is unique in the industry in that it supports 4 separate sources for the second factor of Two-Factor Authentication.
The most secure option, and the option we recommend strongly, is to use dedicated Hardware devices as the second factor. Yubico, our favorite vendor of hardware keys, makes the Yubikey device, which is a second factor key that plugs in via USB port. Files.com supports the Yubikey in both U2F mode (which provides additional authentication) and its native mode.
Unique to Files.com, we support the Yubikey even via FTP, SFTP, and WebDAV integrations (i.e. non-browser interactions).
We also support any brand of hardware key that supports the U2F (also known as FIDO) standard for hardware two factor auth. U2F keys are available for as low as $9 each from Amazon or $20 from Yubico.
If you don’t want to issue hardware devices to your users, Files.com offers two additional options. One is via an Authenticator App that your users can install on their phones, such as Google Authenticator, Authy, or Duo.
The final method is via SMS, where we will send a unique code to their cell phone at each login.
Relative Security of Each Method
Each 2FA method has a slightly different security profile, and some are safer than others, but using 2FA at all is a huge improvement over not using it, regardless of which method you choose.
We believe that the safest method is a dedicated hardware device, followed by authenticator apps, followed by SMS. Authenticator apps are potentially vulnerable to anything that can attack the phone running the app, and SMS is vulnerable to various attacks that can be performed against cell phone networks themselves.
But again, we much prefer to see our customers using SMS Two-Factor Authentication vs. passwords only.
Pricing and Plans
On Files.com, two factor authentication is included in all plans up to a specific number of users with two factor activated. If you exceed your user two factor quota, we will require that you upgrade to the next highest plan. Our Enterprise Premier plan offers an unlimited number of seats for Two-Factor Authentication.