Story image

The importance of two-factor authentication in banking & business

27 Nov 2017

New Zealanders should consider two-factor authentication as part of their everyday online interactions – or at least that’s the word from the New Zealand Bankers’ Association.

Two-factor authentication (2FA) can involve signing into an application or website by using a combination of methods, including passwords, SMS verification, email verification from a different account or biometrics such as fingerprints.

“In short, 2FA is an extra layer of protection on top of your password. With 2FA in place, if an attacker knows your password, they won’t necessarily be able to steal your money. It’s like having a second lock for your door,” explains New Zealand Bankers’ Association chief executive Karen Scott-Howman.

She says it is also important to protect passwords and PINs – but now most banks offer two-factor authentication.

These extra security methods can be applied to online banking access or to authorise transactions over certain limits, Scott-Howman explains.

“Banks do 2FA in different ways. Some send you codes by text message to approve certain transactions, while others use a device or token to provide an extra layer of security for you to access your accounts,” she says.

“It’s worth checking with your bank to see if they offer 2FA, and how to activate it.”

Two-factor authentication is one main focus point in this year’s Cyber Smart Week, which runs from November 27 to December 1.

The Week is organised by New Zealand’s Computer Emergency Response Team (CERT NZ) and Connect Smart.

CERT NZ says that people should be wary of ‘rogue codes’ – if people receive a code for an account they were not trying to access, someone else may be trying to access it.

CERT NZ also says that many businesses don’t use two-factor authentication as part of their security – but this needs to change.

2FA can bring benefits including stronger login security, data theft reduction, user protection, a balance of security and usability if systems are prioritised correctly; flexibility for remote working; and it can be inexpensive to implement.

“If you're not sure where to start, think about which systems you connect to via the internet. Those are the systems that attackers can more easily get access and credentials from. Because they are easier to target, those are the systems that are most important to protect. These are likely to be webmail, a VPN or any other cloud-based services,” CERT NZ says.

“Two-factor authentication can’t be 'switched on' during or after an attack. Businesses need staff and customers to enable and use 2FA before an attack for it to be effective.”

Because two-factor authentication is not a fool-proof security measure, CERT NZ encourages businesses to use additional security practices.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.