Business IT support
- Business IT support
  Providing clients with secure, scalable technology and IT solutions that ensure full business continuity, integration with whole-business processes, protection from cyber attacks and disaster recovery strategies
- Business continuity
  - Day-to-day protection, in addition to disaster recovery Planning business contin...
- Custom applications
  - Competitive advantage secured by coupling business vision with IT expertise Over...
- IT security for cybercrime protection
  - Implementing full-strength cybercrime protection Protection against cybercrime ...
- Internet telephone solutions - voice over IP
  - Reduce business costs with IP telephonyEven the humble phone system has transfor...
- Platform management solutions
  - Platform management - integrating and managing technologies While 'IT platforms'...
- Purchasing a PC or laptop - FAQs
  - Purchasing a new laptop or PC for the office? Get the most from your investment ...
- Service agreement contracts
  - Offering large-scale IT support to small and medium-sized businesses Enjoy the ...
- Support
  - Rapid IT support with a strong focus on quality, efficiency and outcomes IT Bas...
- Technology in education
  - Solutions for the modern school Developing IT solutions in the education sector ...
- Virtualisation solutions
  - Virtualisation - true business continuity, redundancy, scalability and disaster ...
- Working from home tech tips
  - Need to give your staff flexible work arrangements to work remotely from their h...
Web solutions
- Web solutions
  Offering all the skills for truly cutting edge, end-to-end website solutions: combining visual appeal and technical know-how to deliver mobile-first, fully responsive, SEO-ready websites integrated into your business processes
- Custom software and app development
  - Delivering cost savings, productivity gains and competitive advantage There are...
- Google ranking and SEO
  - Search engine optimisation (SEO) - achieving and holding good ranking Ranking w...
- Digital matters
  - Your online digital assets matter - make the most of them! Google My Business, ...
- Engage, educate, entertain with content that converts
  - Just flooding your feeds with large quantities of pervasive 'filler' no longer...
- Website design and development
  - Focussed on delivering outstanding SEO and user experience Websites are often th...
- Wordpress hosting and development
  - Robust, easy-to-use, Google-ready Wordpress websites Statistics show seventy-fi...
- Web support and maintenance
  - Modern websites are rarely 'set and forget' projects. The internet is a fast-pac...
- Sponsorships
  - Profit-for-purpose is part of the ethos at IT Basecamp. As part of this, we are ...
- Web Design Showcase
  - ...
- Increase SEO traffic!
Hosting & cloud
- Hosting & cloud
  A tech team with across-the-board IT skills brings the expertise to guide and support clients in taking best advantage of the myriad of IT technologies available - individualised solutions deliver real business results
- Cloud computing
  - Tailored cloud computing solutions the key to best results Any part of a corpor...
- Cloud service and email migrations
  - Email solutions need to be secure, redundant, efficient and have room to grow to...
- Data centre network solutions
  - Achieve a reliable, secure, economical data centre network solution By implement...
- Hosting
  - IT Basecamp's scalable systems cater for any type of website - basic information...
- Hybrid cloud solutions
  - Customised, best-fit hybrid cloud solutions A hybrid cloud solution is defined a...
- Office 365 and G Suite backups
  - SaaS Protection for G Suite and Microsoft 365: simple, automated and secure back...
- Workstation Cybersecurity package
  - Business protection against viruses and malware, plus backups, firewall protecti...
About
Tech Centre
Contact
Blog

Everything you need to know about 2FA

From emails and messages to corporate files and bank details, a lot of personal and sensitive information lies behind the protective shield of passwords. With data breaches on the rise, passwords can become an easy entry point for cybercriminals. Two-factor authentication (2FA), also known as multi-factor authentication, has emerged as a reliable method to secure your online accounts. It’s a simple but powerful tool to compensate for the vulnerabilities of traditional password logins, making it significantly harder for cybercriminals to gain unauthorised access to your personal or business accounts.

Find out:

How 2FA works
Why 2FA is effective
How to set up 2FA
2FA’s vulnerability

How 2FA works

As the name suggests, 2FA requires two different identification factors to log into an account. In most cases, it’s a combination of something you know (your password) and something you have (a code received on a device or in email/text, or biometric data like a fingerprint, face, or retina scan).

When you log into one of your online accounts, you are first asked to enter your username/email address and the password you have chosen for this account. With 2FA activated on your account, the system will prompt you for the second authentication factor. If ‘something you have’ is your second factor, you will receive a code or one-time password on your selected device.

This could be:

A code sent via SMS to a phone number you have selected
A code sent to your email address
A code generated in an authenticator app on a mobile device

Once you have successfully entered the second factor of authentication, the system will verify your identity and grant you access to your account. Logging in with multi-factor authentication takes a little longer, which can be frustrating, but it makes an enormous difference in keeping your digital assets safe. And when you compare the small frustration with the alternative of having money stolen from your bank account or your personal identity compromised, a little extra time becomes insignificant!

Why 2FA works and why it’s important

With cyber incidents on the rise, it has become essential to add 2FA to your accounts as an extra layer of protection as this example about a local tradie whose email account was compromised demonstrates. Even if you have a long and complex password, there are several vulnerabilities to it that a cybercriminal can exploit. Passwords can be stolen through phishing attacks, malware, or data breaches - often through no fault of your own and even in cases where you weren’t directly involved.

However, with 2FA enabled, even if cybercriminals discover your username and password, they won’t have access to the second factor required to log into your account. This added layer of security protects your personal and business accounts from attacks and makes it significantly harder for cybercriminals to obtain your data, likely leading them to move on to a more vulnerable target.

How to set up 2FA

The majority of online accounts will come with the option to set up some form of multi-factor authentication. When you log into an account look through the account settings (often under your profile icon in the top right-hand corner of the app you are trying to secure) and look for privacy settings. Find multi-factor or 2FA setup and follow the setup instructions. The process will always be essentially the same:

Agree to turn on multifactor authentication.
Select the format you would like to use to receive codes (authentication app, email address, text to a mobile number).
If you choose authenticator app, make sure the app is downloaded on your phone*, then open the app and select the option to add a new login (indicated by a + sign). Using the authenticator app scan the QR code offered by the account you are securing, or enter the provided setup code.
A code will be immediately sent to your nominated authentication method. Retrieve this code from either email/text or the authenticator app and enter it into the account setup page. This tests the setup and confirms that the 2FA connection is successful and will be required for future logins to the account.

IMPORTANT NOTE: Take the time to do the full setup and complete the backup recovery contacts and recovery codes offered. This step is important. If for some reason you lose access to one or other of your verification methods (you forget your password for example, or lose your phone) you WILL need a backup method. Once 2-factor authentication is set up your account is now secure, remember? You, too, will be denied access if you cannot properly verify your identity.

* If you choose to use an authentication app for receiving 2FA codes, Microsoft and Google both offer an app you can use for securing any account. Load one of the apps onto your phone from the PlayStore/Apple store and connect it to each of your accounts by using the app to scan the QR code provided during the 2FA setup process in whichever account you are securing.

What accounts should be secured?

Bank accounts should obviously be secured and banks often have proprietary systems for ensuring multi-factor authentication. But email and social media accounts are super important too. Hacking email accounts is a classic way cybercriminals gain personal information to scam or impersonate you. And social media accounts are a part of your personal identity. Particularly if your social media account is connected to your business Facebook page, having your access compromised can be dire. Imagine being locked out of your business Facebook account and having no control over how a cybercriminal changes your page’s content for all your customers to see - it happens! Anyone with admin access to a business page should have 2FA active on their personal profile.

2FA - so what’s the catch?

Nothing is ever perfect and multi-factor authentication is no exception. Cybercriminals have devised a method to fool even this previously bulletproof technology. It’s the human side of the 2FA process that has been targeted as the weakness. Criminals use phishing and impersonation techniques to fool users into clicking on fake links in email, text or messaging apps and through fake login pages manipulate the user into delivering the password AND 2FA code straight to the criminal … who then logs into the legitimate account.

The key is to remain knowledgeable and vigilant so you stay in control of your account logins and therefore stay secure. Find out how to spot and avoid these scams here.

Our cyber security services

For your business: Apart from enabling 2FA, there are several steps you can take to protect yourself and your business from cyber threats. To get expert advice on cyber security and implement security processes for your business, check out IT Basecamp’s cyber security concierge service Cyber Heroes.

For your family: For more information on cyber security measures and how to identify cyber threats, take our free Cyber Security Fundamentals course and read our blog on 2FA phishing attacks. Make sure to share this information with your colleagues and family members to protect yourself and others from cyber attacks.

ITBasecamp acknowledges the traditional owners and custodians of the country in this area and pay our respects to elders past, present and emerging. The South Coast of New South Wales where we live is Yuin country but indigenous people here come from a number of different groups including Brinja-Yuin, Budawang, Jerrinja, Murramarang, Walbunja, Wandandian and Wodi Wodi. We recognise their continuing connection and contribution to this land.