What is two-factor authentication (2FA)?
2FA is the addition of a second method of authenticating a user, on top of the standard username and password.
Often this will be in the form of a randomised code provided by an authentication service such as an app on your mobile phone, but in some situations it could be a fingerprint or voice recognition.
The UK National Cyber Security Centre suggests that having a second factor is such effective protection that it should be enabled wherever possible. This is especially true for web based services, such as email (e.g.: 365 or Gmail) and some accounting software.
It only takes a few more seconds to log in than just a username and password, however the security improvements are significant. 2FA requires users to install a free app on their mobile phone or to type in a code from a text message. If users don't have a mobile device they can usually receive a code via a traditional desk-phone.
Why is 2FA such a good idea?
Adding a second layer of authentication to your accounts is a great way of stopping criminals from accessing your financial and other company data.
One of the most important places to have this enabled is on your email account.
Hackers have many ways of finding out your logon details, from guessing basic passwords, to phishing emails designed to get you to type the details into a fake login page.
Once they have this information, they can log in as you, read your emails, harvest information and use your email account to send out more phishing emails.
How do I enable 2FA?
We would advise that as an absolute minimum, 2FA is enabled on any administrator and management accounts, but ideally all users should have 2FA.
If you would more information about turning on 2FA for your business, please get in touch with us and we can discuss the most suitable options for you.
Securing your accounts
At System 15 we take information security very seriously.
Our company is fully Cyber Essentials Certified and we have also achieved the IASME Standard.
When you partner with us, you can be assured that you are engaging with a highly qualified, experienced and fully accredited cyber security consultancy.
Please contact us if you need advice regarding 2FA or help with implementation.