Story image

The importance of two-factor authentication in banking & business

27 Nov 17

New Zealanders should consider two-factor authentication as part of their everyday online interactions – or at least that’s the word from the New Zealand Bankers’ Association.

Two-factor authentication (2FA) can involve signing into an application or website by using a combination of methods, including passwords, SMS verification, email verification from a different account or biometrics such as fingerprints.

“In short, 2FA is an extra layer of protection on top of your password. With 2FA in place, if an attacker knows your password, they won’t necessarily be able to steal your money. It’s like having a second lock for your door,” explains New Zealand Bankers’ Association chief executive Karen Scott-Howman.

She says it is also important to protect passwords and PINs – but now most banks offer two-factor authentication.

These extra security methods can be applied to online banking access or to authorise transactions over certain limits, Scott-Howman explains.

“Banks do 2FA in different ways. Some send you codes by text message to approve certain transactions, while others use a device or token to provide an extra layer of security for you to access your accounts,” she says.

“It’s worth checking with your bank to see if they offer 2FA, and how to activate it.”

Two-factor authentication is one main focus point in this year’s Cyber Smart Week, which runs from November 27 to December 1.

The Week is organised by New Zealand’s Computer Emergency Response Team (CERT NZ) and Connect Smart.

CERT NZ says that people should be wary of ‘rogue codes’ – if people receive a code for an account they were not trying to access, someone else may be trying to access it.

CERT NZ also says that many businesses don’t use two-factor authentication as part of their security – but this needs to change.

2FA can bring benefits including stronger login security, data theft reduction, user protection, a balance of security and usability if systems are prioritised correctly; flexibility for remote working; and it can be inexpensive to implement.

“If you're not sure where to start, think about which systems you connect to via the internet. Those are the systems that attackers can more easily get access and credentials from. Because they are easier to target, those are the systems that are most important to protect. These are likely to be webmail, a VPN or any other cloud-based services,” CERT NZ says.

“Two-factor authentication can’t be 'switched on' during or after an attack. Businesses need staff and customers to enable and use 2FA before an attack for it to be effective.”

Because two-factor authentication is not a fool-proof security measure, CERT NZ encourages businesses to use additional security practices.

SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.
What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”