Story image

What is two factor authentication and why should you use it?

08 Mar 16

Two factor authentication may sound complex, but it can boost your security across your devices, according to NetSafe.

“Two factor, 2FA, two step verification, multi factor authentication, login approvals. Whatever it’s called, many people are mystified by the security terminology used to describe an extra layer of security that can be used to prevent unauthorised access to many popular online systems,”the internet safety watchdog says in a blog post.

Standard login procedures usually include an email address or username and a password combination. This type of login is common on email, Facebook and other popular platforms

However, with so many different platforms for personal use as well as platforms used for work, passwords can be easily forgotten.

According to NetSafe, the downsides to relying on just passwords are numerous:

  • Accounts can be set up with a default password that is never changed
  • Passwords can be shared by people or left vulnerable if written down on the sticky note attached to the computer screen or on an office whiteboard
  • Account holders can choose usability over security and use the same password for every account they operate
  • Simple passwords can be subjected to ‘brute force attacks’ where thousands of common words or letter/number replacement formats can be tested automatically

NetSafe says two-factor authentication can boost a user’s security by simply requiring something they know and something they have.

“A good way of understanding how two step verification works is to think of your EFTPOS card – you have the plastic card (step 1) and must know the correct PIN (step 2) to use it,” the organisation explains.

“Every time you use EFTPOS to pay, the bank checks that the card and PIN match up and confirms that you are authorised to use your money,” it says.

“You may already be using two factor security without realising it. Many NZ banks provide physical security tokens – little plastic keyfobs that generate numbers – or offer other methods to add another layer of security to internet banking activity,” NetSafe adds.

The most popular method now offered by many providers is to send a ‘one-time password’ – a string of numbers of other short code – to the mobile phone number that is associated with the account holder.

Whilst this may sound like unnecessary complexity, NetSafe says it records many cases of hacked accounts every month where poor password practice might be to blame.

“Setting up two factor security could prevent someone gaining access to your email address to send out spam and scam messages to friends and family or taking over your social media accounts to abuse others or rack up advertising costs on your linked credit card,” NetSafe says.

It says adding another layer of security can also help defeat common phishing tactics should someone accidentally send their username and password to a scam site operator.

“Securing your most important accounts by linking your mobile phone number can take just a few minutes to set up and can often be used to alert you to odd account activity and prevent new devices being used to get access until they are approved by you,” NetSafe says.

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.