NSP Blog

Use 2fa / two-factor authentication to protect your accounts

Written by NSP Marketing | Oct 20, 2020 12:47:46 PM

When you log in to your accounts online, you mostly use a simple username and password combination to do so. Therefore, adding two-factor authentication to your login process is a simple way of adding an extra layer of security to your accounts. This article outlines how 2fa works, how it can benefit out and how to enable two-factor authentication (2fa).

The problem with relying on a username and password style of login is that you can’t always keep your password safe. Your password could be stolen through a scam, like phishing, or from a business you have an account with, if they have a data breach.

Find out more about phishing

How data breaches work

Adding another level of security with 2FA makes it harder for an attacker to access your online accounts, therefore just knowing your password isn’t enough, and, if you’re running a business, 2FA can also help you keep your business systems and data safe.

Find out about 2FA for business

How 2FA works

When you log in to an online account with a username and password, then you’re using what’s called single-factor authentication. You only need one thing and that’s your password which verifies that you are who you say you are.

With 2FA, you need to provide two things, your password and something else, so there’s that extra safety step in place before you can access an account. so, you can now authenticate (prove you are you) based on something you know, you have and you are.

Something you know could be your:

  • password
  • passphrase
  • security questions, or
  • PIN number.

Something you have could be:

  • a physical device, for example:
    • security tokens and fobs assigned to a specific person that generates a temporary access code, or
    • your phone, where you get a call back to press certain phone keys to grant access to an account
  • software, such as an application like Google Authenticator, that:
    • sends a notification to your smartphone, or
    • provides you with a temporary access code.

Something you are includes things like:

  • fingerprint scans, and
  • voice recognition.

A 2FA example

For example: with 2FA, if you want to log into one of your social media accounts, you might need both your password and a temporary access code from an app on your phone. That means that even if someone finds out what your password is, they can’t get into your account with that alone. They’d also need to have physical access to your phone so they can get the code, which isn’t very likely.

Tip

If you receive a temporary access code for an account you weren’t trying to log into, change your password. It could be that someone’s got your password details and they’re attempting to access that account without your knowledge.

 

Why do you need 2fa and how do you turn it on?

Download A3 [PDF, 61 KB]

Uses

You can enable 2FA on most of your online accounts, like your:

  • email accounts
  • social media networks
  • internet banking
  • online shopping sites.

You can also set 2FA up on your devices including on laptops, tablets, smartphones, and even some game consoles, but like any security measure, 2FA isn’t bulletproof, so make sure you’re still using strong passwords and have robust security settings on your devices and accounts.

See the Netsafe list of links for organisations offering instructional assistance for setting you up to be safer

Tip

It’s possible to intercept verification codes that are sent by text. While using 2FA via text is much safer than not using 2FA, if there’s a different method available then we would recommend using that instead.

How to turn 2FA on

You’ll often find the option to enable 2FA in the privacy settings of your online accounts, however some online services don’t call it two-factor authentication. Instead, you may hear it referred to as multi-factor authentication (MFA). Others use different terms, for example ‘security key’, when they’re talking about 2FA. Banks all enable their 2FA systems differently. Some will have different options depending on if you’re logging into your account on your desktop, laptop, or mobile device. Check your bank’s website to see what their 2FA options are, and how to set it up.

Privacy champions, pixelprivacy have a great blog detailing which global websites and apps offer the option to use 2FA, and gives instructions on how to set it up for each one.

*Article sourced from CERTNZ www.cert.govt.nz