In 2004 Bill Gates predicted the extinction of the login and password. He stated that passwords will not be able to “meet the challenge” of ensuring your information is secure. He was spot on, yet in 2017 we regularly see people logging in with “Password”, “Welcome”, “123456”, etc. We also see nice complex passwords written down on a sticky note attached to their screens.
Almost every week in the news we see reports of data breaches, systems being hacked, identity theft, ransomware attacks and the list goes on. Many of these attacks could have been avoided by using two and three factor authentication principals.
What is Two Factor Authentication (2FA)?
Two factor authentication (2FA) goes beyond the basic login and password by requesting additional forms of authentication before you’re given access to your account. These additional forms of authentication could be a code sent to a smartphone app, text message, email, fingerprint or smart card.
The security principals behind 2FA are:
- Something you know (Login and Password)
- Something you have or possess (Smartphone)
Many of you will already be using two factor authentication, most likely with your bank, however when you start writing down other accounts without two factor authentication, it ends up being a very long list. The below list of online providers should get you started on your more secure journey. Many already have sites with more information and guides.
- Accounting software – Xero, MYOB, Quickbooks
- Telcos – Telstra, Optus, Vodafone, Virgin Mobile
- Energy suppliers
- Superannuation Funds
Three Factor Authentication (3FA)
Building on the security principals above, 3FA adds another layer of authentication which is based on the principal below.
- Something you are (Fingerprint, Facial recognition, Retina scan, etc)
We’re already seeing the “Something you are” principal replacing other bio security systems in modern devices. A recent example is the new iPhone where the facial recognition is replacing the Touch ID system.
We always recommend protecting your accounts using two factor authentication as a minimum, however this should only form part of your overall cyber security strategy. Focusing on areas are often forgotten is your disaster recovery plan because we want to be sure that your business can recover quickly.
If you would like to know how to protect your business then please contact us on 1300 685 886 or email@example.com.