Requirement 8.3 requires two-factor authentication for remote access by personnel and third-party vendors accessing systems in PCI environments.
Standard: HIPAA HiTech
Implementing two-factor authentication is required for granting remote access to systems that contain EPHI.
Industry: Digital / Online Retail
With a recent string of retail industry breaches (Target, Neiman Marcus, Michaels, Home Depot, Sally Beauty, P.F. Chang’s, etc.), an official US-CERT alert has been released by the U.S. Department of Homeland Security warning against a new family of point-of-sale (POS) malware, and recommending the use of two-factor authentication for remote desktop access, including with VPNs.
Furthermore, for end-users accessing online/digital retail sites, the addition of 2FA for password resets and validation of transactions greatly reduces the incidence of fraud, protecting both the retailer and the end-user.
The US White House signed an executive order last October, which requires agencies to use multiple factors of authentication whenever using web applications to provide citizens with personal data.
India's central bank, the RBI, mandates the use of two-factor authentication for all IVR and mobile-based online payments above 2,000 Indian rupees.
Two-Factor Authentication (2FA) has been mandated in Singapore for online banking transactions since December 2006.
Proactive individual security: Avoiding breaches
2FA can avoid incidents such as the Adobe breach, in which 150M people had details stolen; the LinkedIn breach, in which 6M people did; frequent Twitter and social media account hacks; and contactless card fraud in which stolen data was used to order goods worth 3,000 British pounds.