Story image

The importance of two-factor authentication in banking & business

27 Nov 2017

New Zealanders should consider two-factor authentication as part of their everyday online interactions – or at least that’s the word from the New Zealand Bankers’ Association.

Two-factor authentication (2FA) can involve signing into an application or website by using a combination of methods, including passwords, SMS verification, email verification from a different account or biometrics such as fingerprints.

“In short, 2FA is an extra layer of protection on top of your password. With 2FA in place, if an attacker knows your password, they won’t necessarily be able to steal your money. It’s like having a second lock for your door,” explains New Zealand Bankers’ Association chief executive Karen Scott-Howman.

She says it is also important to protect passwords and PINs – but now most banks offer two-factor authentication.

These extra security methods can be applied to online banking access or to authorise transactions over certain limits, Scott-Howman explains.

“Banks do 2FA in different ways. Some send you codes by text message to approve certain transactions, while others use a device or token to provide an extra layer of security for you to access your accounts,” she says.

“It’s worth checking with your bank to see if they offer 2FA, and how to activate it.”

Two-factor authentication is one main focus point in this year’s Cyber Smart Week, which runs from November 27 to December 1.

The Week is organised by New Zealand’s Computer Emergency Response Team (CERT NZ) and Connect Smart.

CERT NZ says that people should be wary of ‘rogue codes’ – if people receive a code for an account they were not trying to access, someone else may be trying to access it.

CERT NZ also says that many businesses don’t use two-factor authentication as part of their security – but this needs to change.

2FA can bring benefits including stronger login security, data theft reduction, user protection, a balance of security and usability if systems are prioritised correctly; flexibility for remote working; and it can be inexpensive to implement.

“If you're not sure where to start, think about which systems you connect to via the internet. Those are the systems that attackers can more easily get access and credentials from. Because they are easier to target, those are the systems that are most important to protect. These are likely to be webmail, a VPN or any other cloud-based services,” CERT NZ says.

“Two-factor authentication can’t be 'switched on' during or after an attack. Businesses need staff and customers to enable and use 2FA before an attack for it to be effective.”

Because two-factor authentication is not a fool-proof security measure, CERT NZ encourages businesses to use additional security practices.

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.