From emails and messages to corporate files and bank details, a lot of personal and sensitive information lies behind the protective shield of passwords. With data breaches on the rise, passwords can become an easy entry point for cybercriminals. Two-factor authentication (2FA), also known as multi-factor authentication, has emerged as a reliable method to secure your online accounts. It’s a simple but powerful tool to compensate for the vulnerabilities of traditional password logins, making it significantly harder for cybercriminals to gain unauthorised access to your personal or business accounts.
As the name suggests, 2FA requires two different identification factors to log into an account. In most cases, it’s a combination of something you know (your password) and something you have (a code received on a device or in email/text, or biometric data like a fingerprint, face, or retina scan).
When you log into one of your online accounts, you are first asked to enter your username/email address and the password you have chosen for this account. With 2FA activated on your account, the system will prompt you for the second authentication factor. If ‘something you have’ is your second factor, you will receive a code or one-time password on your selected device.
This could be:
Once you have successfully entered the second factor of authentication, the system will verify your identity and grant you access to your account. Logging in with multi-factor authentication takes a little longer, which can be frustrating, but it makes an enormous difference in keeping your digital assets safe. And when you compare the small frustration with the alternative of having money stolen from your bank account or your personal identity compromised, a little extra time becomes insignificant!
With cyber incidents on the rise, it has become essential to add 2FA to your accounts as an extra layer of protection, as this example about a local tradie whose email account was compromised demonstrates. Even a long and complex password has several vulnerabilities that a cybercriminal can exploit. Passwords can be stolen through phishing attacks, malware, or data breaches - often through no fault of your own and even in cases where you weren’t directly involved.
However, with 2FA enabled, even if cybercriminals discover your username and password, they won’t have access to the second factor required to log into your account. This added layer of security protects your personal and business accounts from attacks and makes it significantly harder for cybercriminals to obtain your data, likely leading them to move on to a more vulnerable target.
The majority of online accounts will come with the option to set up some form of multi-factor authentication. When you log into an account, look through the account settings (often under your profile icon in the top right-hand corner of the app you are trying to secure) and look for privacy settings. Find the multi-factor or 2FA setup option and follow the setup instructions. The process will always be essentially the same:
IMPORTANT NOTE: Take the time to do the full setup and complete the backup recovery contacts and recovery codes offered. This step is important. If for some reason you lose access to one or the other of your verification methods (you forget your password, for example, or lose your phone), you WILL need a backup method. Once 2-factor authentication is set up, your account is now secure, remember? You, too, will be denied access if you cannot properly verify your identity.
* If you choose to use an authentication app for receiving 2FA codes, Microsoft and Google both offer an app you can use for securing any account. Install one of the apps on your phone from the Google Play Store or Apple App Store and connect it to each of your accounts by using the app to scan the QR code provided during the 2FA setup process in whichever account you are securing.
Bank accounts should obviously be secured and banks often have proprietary systems for ensuring multi-factor authentication. But email and social media accounts are super important too. Hacking email accounts is a classic way cybercriminals gain personal information to scam or impersonate you. And social media accounts are a part of your personal identity. Particularly if your social media account is connected to your business Facebook page, having your access compromised can be dire. Imagine being locked out of your business Facebook account and having no control over how a cybercriminal changes your page’s content for all your customers to see - it happens! Anyone with admin access to a business page should have 2FA active on their personal profile.
Nothing is ever perfect and multi-factor authentication is no exception. Cybercriminals have devised a method to fool even this previously bulletproof technology. It’s the human side of the 2FA process that has been targeted as the weakness. Criminals use phishing and impersonation techniques to fool users into clicking on fake links in email, text or messaging apps and, through fake login pages, manipulate the user into delivering the password AND 2FA code straight to the criminal … who then logs into the legitimate account.
The key is to remain knowledgeable and vigilant so you stay in control of your account logins and therefore stay secure. Find out how to spot and avoid these scams here.
For your business: Apart from enabling 2FA, there are several steps you can take to protect yourself and your business from cyber threats. To get expert advice on cyber security and implement security processes for your business, check out IT Basecamp’s cyber security concierge service Cyber Heroes.
For your family: For more information on cyber security measures and how to identify cyber threats, take our free Cyber Security Fundamentals course and read our blog on 2FA phishing attacks. Make sure to share this information with your colleagues and family members to protect yourself and others from cyber attacks.