
Passwords - they are both the saviour and bane of our modern world. We all want and need to protect our data, however the barrage of sites, apps and devices requiring unique and hard-to-guess passwords is frankly overwhelming. Most people will have experienced the frustration of being locked out of their own accounts by forgetting a login or password.

The common temptation to use a simple password, and then re-use it across many sites, puts us at high risk of cyber-attacks. Once obtained, this password will be all a hacker needs to access our digital lives, including identity and banking information. This is where two-factor authentication comes in.

What is two-factor authentication?

Two-factor authentication (2FA) – also known as multi-factor authentication or two-step verification – adds a second layer of protection to your accounts to strengthen your login. In the event your password becomes compromised, it would not be enough for an attacker to gain access to your online accounts.

Benefits of 2FA

  • Provides protection against hackers

  • Keeps online accounts safe

  • Protects your identity

  • Free and easy to set up

  • Available on most popular websites today

How does 2FA work?

2FA uses different forms of credentials to confirm it's really you.

Step (or factor) one is something you know, eg a PIN number or password. When this is accepted it will ask for step two to be entered, consisting of an additional code or unique identifier, in order to access your account.

Examples of factor two verifications include:

Something you have (hardware/software) eg

  • A code sent to your phone via SMS

  • A physical token which generates a code

  • An app on your phone which generates a code

Something you are (biometrics) eg

  • A fingerprint or retina scan

  • Voice recognition

Using more than one unique identifier reduces the chances a hacker can access your accounts, even if they successfully get past step one.
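
The two steps described above, sketched in Python as an added example (not code from this article or from any site named in it). It assumes the "app on your phone" factor uses the standard time-based one-time code scheme (RFC 6238); the function names, demo password and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo values, not real credentials.
DEMO_SALT = b"constructed-salt"
DEMO_SECRET = b"12345678901234567890"  # shared by the site and the phone app


def hash_password(password: str, salt: bytes = DEMO_SALT) -> bytes:
    """Step one is stored as a slow salted hash, never as plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def login(stored_hash: bytes, secret: bytes, password: str, code: str, now: int) -> str:
    """Return 'denied', 'need-valid-code' or 'granted' for a login attempt."""
    if not hmac.compare_digest(hash_password(password), stored_hash):
        return "denied"  # step one failed, so step two is never consulted
    # Accept the current 30-second window plus one either side for clock drift.
    for drift in (-30, 0, 30):
        if hmac.compare_digest(totp(secret, max(now + drift, 0)), code):
            return "granted"
    return "need-valid-code"  # the password alone is not enough


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed demo password
    stored = hash_password(password)
    now = 59  # constructed timestamp (an RFC 6238 test time)
    print(login(stored, DEMO_SECRET, password, totp(DEMO_SECRET, now), now))
    print(login(stored, DEMO_SECRET, password, "000000", now))
```

The second call shows the point of 2FA: the correct password with a wrong or expired code is still refused.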

Where can I use 2FA?

Many of the world's largest websites and providers now offer 2FA on their user accounts, including:

  • Email accounts, eg Gmail, Outlook and Yahoo

  • Social media accounts, eg Facebook, Instagram, LinkedIn and Twitter

  • Online banking, eg ASB, ANZ and Westpac

  • Communication accounts, eg MailChimp, Skype and WhatsApp

  • Online shopping sites, eg Amazon, Apple and eBay

Many devices also support 2FA, including laptops, tablets, smartphones and some gaming consoles.

How do I set up 2FA?

Each site may vary in how it applies 2FA, but it usually takes only a matter of minutes to set up and activate.

Check for 2FA under your online accounts' security settings, or search the directory of Turn It On, a dedicated 2FA resource site, to see which websites offer 2FA as a security option, along with step-by-step instructions on how to enable 2FA on each site.

Tips for using 2FA

Once you have 2FA enabled, remember to:

  • Continue exercising best practices for passwords and PINs:

    1. Don't share passwords/PINs with other people
    2. Don't use passwords containing personal information
    3. Use a mixture of numbers, symbols and upper and lowercase letters
    4. Don't re-use passwords across multiple sites and devices
    5. Aim for passwords which are long, strong and unique (easy-to-remember = easy-to-guess!)
  • Keep any hardware used for your step two codes (phone, device or token) safe and secure

  • Change your password immediately if you receive a step two code you didn't instigate. It may mean someone has obtained step one (your password) and is attempting to access your account

Staying cyber-savvy can be tricky in this ever-changing technological landscape, so we encourage you to contact us if you are concerned about your cyber security.
