Two factor authentication and why it’s important

Two factor authentication, multi factor authentication, two step authentication, 2FA … whatever name you want to give it, you should be using it!

We live in a world where we’re increasingly online. This means that your personal information and business data can potentially be at risk. We need to take as many steps as possible to mitigate that risk. One of the simplest things to do is turn on two-factor authentication (2FA).

What is Two Factor Authentication?

Most websites and applications that you log into require at least a username and password. Entering a username and password is considered single factor authentication. 2FA adds a second level of authentication to the login process.

Many times your username isn’t that difficult to guess (often it’s your email address or first and last name). And depending on your password policy, your password can sometimes be pretty easy to crack too for those who are trying hard enough. Evidence shows that crooks are obtaining usernames and logins from any one of many sources. Many users utilise the same password for multiple applications, so if crooks can get into one application, they can potentially get into many. They then use what is known as a “credential stuffing” technique to gain access (i.e. they throw many usernames and passwords at the login for a machine or application to gain access).

Two factor authentication closes off this route because it requires you to have more credentials to log into an account than just a username and password. Two factor authentication has been around for many years and we are used to using it for banking and interacting with government departments.

Our recommendation

It’s our policy, and our recommendation to you, that for any application or site you log into where two factor authentication is available, you enable it! Enable it for every sign in. If you’re using software or other applications that do not currently offer two factor authentication, get on their forums or feedback areas to request this feature or find out when it’s coming.

In Xero you have the option to turn on two factor authentication. Simply log in, go to your Account settings, and enable it. You can download Google Authenticator to your phone, and whenever you log into Xero using your username and password, you’ll also enter the continually changing number generated by Google Authenticator. You can set up some security questions to answer in instances where you’re unable to access Google Authenticator, so that you can still log in to your account. You’ll also be given the option to store the code for 30 days. It’s not our policy to do this. However, if you’re on your own computer in your office that’s not accessed by anybody else, there may be some level of safety in doing this. If you’re on a public computer or others have access to it, then we do not recommend this option.
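
To show where the continually changing number comes from and why a stolen password alone no longer gets in, here is an added example (not code from Xero or Google) of the time-based one-time password algorithm in RFC 6238, which Google Authenticator implements. The Account class, the password, the salt and the 30-second step are assumptions made for illustration, and the secret is the RFC's published test secret.

```python
import base64, hashlib, hmac, struct

STEP = 30  # assumed lifetime of each code in seconds (common authenticator default)

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // STEP)   # which 30 s window we are in
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical server-side account record: password hash plus shared TOTP secret."""
    def __init__(self, password, secret_b32, salt=b"constructed-salt"):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.secret = secret_b32
        self.last_counter = -1   # highest time window whose code was already accepted

    def login(self, password, code, now, drift=1):
        # Factor 1: something you know.
        if not hmac.compare_digest(hash_password(password, self.salt), self.pw_hash):
            return False
        # Factor 2: something you have. Accept +/- `drift` windows for clock skew.
        current = int(now) // STEP
        for counter in range(current - drift, current + drift + 1):
            if counter <= self.last_counter:
                continue  # code for this window was already used: reject replay
            if hmac.compare_digest(totp(self.secret, counter * STEP), str(code)):
                self.last_counter = counter
                return True
        return False

# Constructed sample data: the RFC 6238 test secret and a made-up password.
SECRET = base64.b32encode(b"12345678901234567890").decode()
```

A login that presents the right password but no valid code is refused, which is exactly the situation a credential stuffing attempt is in, and a code that has already been accepted cannot be used a second time.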

Consider all the applications and websites that you log into – when you do this exercise you’ll discover that there are a lot! See if two factor authentication is an option. If it is, turn it on! If it isn’t, consider your username and password policy. Sometimes you have no option with the username, but you can certainly increase the security of your password … but that’s another conversation entirely!