Two Factor Authentication (2FA)

Mar 5, 2019, 9:48 AM

Securing your online accounts used to be easy - use the same password for each site and forget about it. Today, with most of our organisation online (bank, ordering, shopping, communication), it is essential that no-one else can get access.

Passwords are annoying because if they are good we can't remember them and if they are bad then we can! To supplement passwords, another level of security has now been widely implemented: 2 factor authentication (2FA). 2FA is just a fancy way of saying "another way you must authenticate yourself". Once you have put your password in, the site prompts you for a code that comes either from an SMS to your phone or from a One Time Password (OTP) application.

2 Factor Authentication over SMS has been exploited and broken already, but it still seems to be popular and in use by a lot of the banks in NZ. A better way of doing 2FA is to use a One Time Password (OTP) application. An OTP application allows a shared key to be entered, either manually or using a QR code. The OTP codes are then generated from this key, and they change every 30 seconds.

For websites that we build that must have strict and secure user login access, 2FA is the industry standard.

Google make a good, simple authenticator app that you can install on Android and iOS.