Two Factor Authentication (2FA) is an added layer of security to protect against unauthorised access to your personal accounts.
It requires a 2 step verification process to confirm the users identity before granting access to a particular online system.
Traditionally, users only needed to provide an email address and a password to login. This is known as single-factor authentication. Unfortunately, this simple approach makes it very easy for hackers to gain unauthorised access to online accounts.
Two Factor Authentication (2FA) has been introduced to safeguard user accounts, and has become a mandatory standard for many online systems.
Who uses 2FA?
You will find Banks, Government sites, and many private enterprises have implemented 2FA.
Banks quite often require the use of a security pin token (a unique code is sent to the token), or a SMS sent to your mobile phone. The code must be entered before gaining login access.
The Australian MyGov website sends a code by SMS to your mobile phone, or to the MyGov Code Generator app, if that option has been chosen by the user.
Accounting software such XERO and MYOB uses an Authentication app installed on a mobile phone to allow user access.
Many other software providers also require the use of 2FA for user login access.
What are the different types of 2FA?
There are numerous verification methods currently available, with the list likely to grow as technology advances. The most popular methods are:
- SMS code sent to your mobile phone.
- A unique code sent to your email address.
- A one-off code is generated by an Authentication app (e.g. Google Authenticator). Once the app is installed, it can be used for multiple accounts.
- Security pin token. These are usually account specific, i.e. bank account access.
- Smartcards requiring the user unlock the card with their pin or password.
- A USB security key. Works with multiple online accounts and devices.
- Answer security questions previously setup by the user.
- Answer questions from a voice call to your mobile phone.
- Fingerprint scan (a common feature with the latest mobile phones instead of securing the phone with a pin number).
- Voice recognition (e.g. a pre-recording of your voice is used for some Centrelink account access).
- Iris scan (eye scan, not commonly used).
How to enable 2FA?
The setup process for every method will be different, so be guided by the provider requesting the use of 2FA.
View this short video for an overview on setting up and using the Google Authenticator for Gmail.
2FA is much safer than passwords alone. It will make it much harder for a hacker to gain access to your accounts.
If a hacker is able to gain your security login details (user name and password), they will be unable to login because they won’t have access to your 2FA system.
With security becoming an increasing problem as technology grows, take the time to protect yourself, and your business against cyber-attacks by implementing this simple security method.
According to a recent study by the cybersecurity firm Symantec, 80% of all data breaches could be eliminated with the use of 2FA.
For more information: How to protect your business against cybercrime.