sb-nz logo
Story image

The importance of two-factor authentication in banking & business

27 Nov 2017

New Zealanders should consider two-factor authentication as part of their everyday online interactions – or at least that’s the word from the New Zealand Bankers’ Association.

Two-factor authentication (2FA) can involve signing into an application or website by using a combination of methods, including passwords, SMS verification, email verification from a different account or biometrics such as fingerprints.

“In short, 2FA is an extra layer of protection on top of your password. With 2FA in place, if an attacker knows your password, they won’t necessarily be able to steal your money. It’s like having a second lock for your door,” explains New Zealand Bankers’ Association chief executive Karen Scott-Howman.

She says it is also important to protect passwords and PINs – but now most banks offer two-factor authentication.

These extra security methods can be applied to online banking access or to authorise transactions over certain limits, Scott-Howman explains.

“Banks do 2FA in different ways. Some send you codes by text message to approve certain transactions, while others use a device or token to provide an extra layer of security for you to access your accounts,” she says.

“It’s worth checking with your bank to see if they offer 2FA, and how to activate it.”

Two-factor authentication is one main focus point in this year’s Cyber Smart Week, which runs from November 27 to December 1.

The Week is organised by New Zealand’s Computer Emergency Response Team (CERT NZ) and Connect Smart.

CERT NZ says that people should be wary of ‘rogue codes’ – if people receive a code for an account they were not trying to access, someone else may be trying to access it. CERT NZ also says that many businesses don’t use two-factor authentication as part of their security – but this needs to change.

2FA can bring benefits including stronger login security, data theft reduction, user protection, a balance of security and usability if systems are prioritised correctly; flexibility for remote working; and it can be inexpensive to implement.

“If you're not sure where to start, think about which systems you connect to via the internet. Those are the systems that attackers can more easily get access and credentials from. Because they are easier to target, those are the systems that are most important to protect. These are likely to be webmail, a VPN or any other cloud-based services,” CERT NZ says.

“Two-factor authentication can’t be 'switched on' during or after an attack. Businesses need staff and customers to enable and use 2FA before an attack for it to be effective.”

Because two-factor authentication is not a fool-proof security measure, CERT NZ encourages businesses to use additional security practices.

Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Advanced threat actors engaged in cyberespionage up their game
"This recent activity signals a major leap in their abilities."More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More
Story image
Gigamon & FireEye tackle security in hybrid cloud environments
The partnership is an extension to a ‘long-standing’ relationship that aims to ‘simplify, secure, and optimise hybrid cloud environments’.More