Skip to main content

In association with

 

Two-factor authentication: Secure your email and data

It’s easy to add an extra layer of security to your accounts and devices by turning on two-step verification — also known as multi-factor, two-factor or two-step authentication. It takes just a few minutes to set up.

Passwords can be guessed or stolen. With two-factor authentication, even if an attacker gets your password, it won’t be enough to sign into your account.

Paul Macpherson, Xero’s head of security, says he can’t recommend it highly enough. “Even if they compromise your password, if you have two-step authentication enabled, it’s a really good roadblock to the bad guy getting into your account.”

You can use two-factor authentication to add security to most online accounts. Many providers offer it as an option within your settings. You can also set up two-step verification to access your devices — laptops, tablets, smartphones, and even some game consoles.

What is two-factor authentication?

Two-factor authentication adds a second layer of identity verification to strengthen your login protection.

Your password is step or factor one. Step two locks in extra security. Common examples include:

  • a code sent to your phone via SMS
  • a physical token or app on your phone that generates a code
  • a fingerprint scan or voice recognition.

Two-factor authentication (external link) — CERT NZ

How to set it up

Different sites do two-factor authentication in different ways, but it usually only takes a minute or so to set up. You’ll often find it in your account or security settings.

Once two-factor authentication is set up, you usually only have to authenticate yourself if you log into your account on a new device.

Check if your system enables two-factor authentication (external link) – twofactorauth.org

How to turn on two-factor authentication for popular sites (external link) – turnon2fa.com

“Two-step authentication is a fantastic protection for preventing people getting access to your accounts,” says Xero’s Paul Macpherson.

“Two-step authentication is a fantastic protection for preventing people getting access to your accounts,” says Xero’s Paul Macpherson.

“If your email provider doesn’t offer two-step authentication, personally I’d be looking for another mail provider.”

Webinar: Staying safe with email

cyberbot

Case study

2FA is twice as good

People often share documents for work, so when Rupert received an email saying "click on the link to approve my document", he didn't think twice. Even though Rupert’s pretty tech savvy, he couldn’t see anything out of the ordinary – the link looked legitimate.

But his antivirus and firewall had other ideas. They were set off immediately, telling him someone was accessing his email from halfway around the world. Thankfully a quick round of changing passwords and a virus scan mean Rupert’s data was okay.

He reported the incident to CERT NZ who followed up and gave him some advice about turning on Two-Factor Authentication (2FA) on his email. 2FA is now helping to keep Rupert’s account safe; when he logs in he needs something he knows (a unique password) as well as something he has (his phone).

Report an incident (external link) – CERT NZ

Other quick ways to be cyber smart

CERT NZ and Connect Smart have teamed up for Cyber Smart Week, happening around New Zealand from 27 November to 1 December.

Cyber Smart Week (external link) – CERT NZ

It’s all about doing one thing that can make a big difference to your cyber security.

Here are some other easy things you can do:

Change your passwords. If you haven’t changed your passwords in a while, or someone who knows them has left your business, now’s the time to update them. Make sure your new passwords are long and strong, and unique to each online account.

How to create a good password (external link) – CERT NZ

Check your privacy settings. Adjust your privacy settings so you know exactly who can see what you post on social media.

Update your operating system. Keeping your operating system (OS) up to date is a really good way to defend against bugs and viruses.

Get started with cyber security (external link) – CERT NZ

IT and social media policy (external link) — Workplace Policy Builder

Test yourself: How cyber secure is your business?

Test yourself: How cyber secure is your business?

This self-assessment takes about 5 minutes to complete. At the end you get an action plan based on your answers.

How cyber secure is your business (external link) – Connect Smart

How useful did you find this article?