SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
What is two factor authentication and why should you use it?
Tue, 8th Mar 2016

Two factor authentication may sound complex, but it can boost your security across your devices, according to NetSafe.

“Two factor, 2FA, two step verification, multi factor authentication, login approvals. Whatever it's called, many people are mystified by the security terminology used to describe an extra layer of security that can be used to prevent unauthorised access to many popular online systems,” the internet safety watchdog says in a blog post.

Standard login procedures usually include an email address or username and a password combination. This type of login is common on email, Facebook and other popular platforms.

However, with so many different platforms for personal use as well as platforms used for work, passwords can be easily forgotten.

According to NetSafe, the downsides to relying on just passwords are numerous:

  • Accounts can be set up with a default password that is never changed
  • Passwords can be shared by people or left vulnerable if written down on the sticky note attached to the computer screen or on an office whiteboard
  • Account holders can choose usability over security and use the same password for every account they operate
  • Simple passwords can be subjected to ‘brute force attacks’ where thousands of common words or letter/number replacement formats can be tested automatically

NetSafe says two-factor authentication can boost a user's security by simply requiring something they know and something they have.

“A good way of understanding how two step verification works is to think of your EFTPOS card – you have the plastic card (step 1) and must know the correct PIN (step 2) to use it,” the organisation explains.

“Every time you use EFTPOS to pay, the bank checks that the card and PIN match up and confirms that you are authorised to use your money,” it says.

“You may already be using two factor security without realising it. Many NZ banks provide physical security tokens – little plastic keyfobs that generate numbers – or offer other methods to add another layer of security to internet banking activity,” NetSafe adds.

The most popular method now offered by many providers is to send a ‘one-time password’ – a string of numbers or other short code – to the mobile phone number that is associated with the account holder.

Whilst this may sound like unnecessary complexity, NetSafe says it records many cases of hacked accounts every month where poor password practice might be to blame.

“Setting up two factor security could prevent someone gaining access to your email address to send out spam and scam messages to friends and family or taking over your social media accounts to abuse others or rack up advertising costs on your linked credit card,” NetSafe says.

It says adding another layer of security can also help defeat common phishing tactics should someone accidentally send their username and password to a scam site operator.

“Securing your most important accounts by linking your mobile phone number can take just a few minutes to set up and can often be used to alert you to odd account activity and prevent new devices being used to get access until they are approved by you,” NetSafe says.