Passwords - they are both the saviour and bane of our modern world. We all want and need to protect our data, however the barrage of sites, apps and devices requiring unique and hard-to-guess passwords is frankly overwhelming. Most people will have experienced the frustration of being locked out of their own accounts by forgetting a login or password.
The common temptation to use an simple password, and then re-use it across many sites, puts us at high risk of cyber-attacks. Once obtained, this password will be all a hacker needs to access our digital lives, including identity and banking information. This is where two-factor authentication comes in.
What is two-factor authentication?
Two-factor authentication (2FA) – also known as multi-factor authentication or two-step verification – adds a second layer of protection to your accounts to strengthen your login. In the event your password becomes compromised, it would not be enough for an attacker to gain access to your online accounts.
Benefits of 2FA
Provides protection against hackers
Keeps online accounts safe
Protects your identity
Free and easy to set up
Available on most popular websites today
How does 2FA work?
2FA uses different forms of credentials to confirm it's really you.
Step (or factor) one is something you know, eg a PIN number or password. When this is accepted it will ask for step two to be entered, consisting of an additional code or unique identifier, in order to access your account.
Examples of factor two verifications include:
Something you have (hardware/ software) eg
A code sent to your phone via SMS
A physical token which generates a code
An app on your phone which generates a code
Something you are (biometrics) eg
Using more than one unique identifier reduces the chances a hacker can access your accounts, even if they successfully get past step one.
Where can I use 2FA?
Many of the world's largest websites and providers now offer 2FA on their user accounts, including:
Email accounts, eg Gmail, Outlook and Yahoo
Social media accounts, eg Facebook, Instagram, LinkedIn and Twitter
Online banking, eg ASB, ANZ and Westpac
Communication accounts, eg MailChimp, Skype and WhatsApp
Online shopping sites, eg Amazon, Apple and eBay
Many devices also support 2FA, including laptops, tablets, smartphones and some gaming consoles.
How do I set up 2FA?
Each site may vary in how they apply 2FA, but it usually takes only a matter of minutes set up and activate.
Check for 2FA under your online accounts' security settings, or search the directory of Turn It On, a dedicated 2FA resource site, to see which websites offer 2FA as a security option, and step-by-step instructions on how to enable 2FA on that site.
Tips for using 2FA
Once you have 2FA enabled, remember to:
Continue exercising best-practices for passwords and PINS:
- Don't share passwords/ PINS with other people
- Don't use passwords containing personal information
- Use a mixture of numbers, symbols and upper and lowercase letters
- Don't re-use passwords across multiple sites and devices
- Aim for passwords which are long, strong and unique (easy-to-remember = easy-to-guess!)
Keep any hardware used for your step two codes (phone, device or token) safe and secure
Change your password immediately if you receive a step two code you didn't instigate. It may mean someone has obtained step one (your password) and is attempting to access your account
Staying cyber-savvy can be tricky in this ever-changing technological landscape, so we encourage you to contact us if you are concerned about your cyber security.
Related articles - Here are some of our past blog posts we think you might also be interested in: