It’s easy to add an extra layer of security to your accounts and devices by turning on two-step verification — also known as multi-factor, two-factor or two-step authentication. It takes just a few minutes to set up.
Passwords can be guessed or stolen. With two-factor authentication, even if an attacker gets your password, it won’t be enough to sign into your account.
Paul Macpherson, Xero’s head of security, says he can’t recommend it highly enough. “Even if they compromise your password, if you have two-step authentication enabled, it’s a really good roadblock to the bad guy getting into your account.”
You can use two-factor authentication to add security to most online accounts. Many providers offer it as an option within your settings. You can also set up two-step verification to access your devices — laptops, tablets, smartphones, and even some game consoles.
Two-factor authentication adds a second layer of identity verification to strengthen your login protection.
Your password is step or factor one. Step two locks in extra security. Common examples include:
Different sites do two-factor authentication in different ways, but it usually only takes a minute or so to set up. You’ll often find it in your account or security settings.
Once two-factor authentication is set up, you usually only have to authenticate yourself if you log into your account on a new device.
Check if your system enables two-factor authentication (external link) – twofactorauth.org
“If your email provider doesn’t offer two-step authentication, personally I’d be looking for another mail provider.”
People often share documents for work, so when Rupert received an email saying "click on the link to approve my document", he didn't think twice. Even though Rupert’s pretty tech savvy, he couldn’t see anything out of the ordinary – the link looked legitimate.
But his antivirus and firewall had other ideas. They were set off immediately, telling him someone was accessing his email from halfway around the world. Thankfully a quick round of changing passwords and a virus scan mean Rupert’s data was okay.
He reported the incident to CERT NZ who followed up and gave him some advice about turning on Two-Factor Authentication (2FA) on his email. 2FA is now helping to keep Rupert’s account safe; when he logs in he needs something he knows (a unique password) as well as something he has (his phone).
Report an incident (external link) – CERT NZ
CERT NZ and Connect Smart have teamed up for Cyber Smart Week, happening around New Zealand from 27 November to 1 December.
Cyber Smart Week (external link) – CERT NZ
It’s all about doing one thing that can make a big difference to your cyber security.
Here are some other easy things you can do:
Change your passwords. If you haven’t changed your passwords in a while, or someone who knows them has left your business, now’s the time to update them. Make sure your new passwords are long and strong, and unique to each online account.
Check your privacy settings. Adjust your privacy settings so you know exactly who can see what you post on social media.
Update your operating system. Keeping your operating system (OS) up to date is a really good way to defend against bugs and viruses.
IT and social media policy (external link) — Workplace Policy Builder
This self-assessment takes about 5 minutes to complete. At the end you get an action plan based on your answers.
How cyber secure is your business (external link) – Connect Smart