“Two factor, 2FA, two step verification, multi factor authentication, login approvals.”
Whatever it’s called, many people are mystified by the security terminology used to describe an extra layer of security that can be used to prevent unauthorised access to many popular online systems.
Most people are familiar with standard login procedures that require you to submit an email address (or account username) and a password to access your email, Facebook or other popular platforms. But passwords can be easily forgotten or reused by people struggling to manage multiple login details at home and at work.
The downsides to relying on just passwords are numerous:
- Accounts can be set up with a default password that is never changed;
- Passwords can be shared by people or left vulnerable if written down on a sticky note attached to the computer screen or on an office whiteboard;
- Account holders can choose usability over security and use the same password for every account they operate; and
- Simple passwords can be subjected to ‘brute force attacks’ where thousands of common words or letter/number replacement formats can be tested automatically.
Go beyond the password…
‘Two factor’ may sound complex but it can boost your security by simply requiring something you know and something you have.
A good way of understanding how two step verification works is to think of your EFTPOS card – you have the plastic card (step 1) and must know the correct PIN (step 2) to use it. Every time you use EFTPOS to pay, the bank checks that the card and PIN match up and confirms that you are authorised to use your money.
You may already be using two factor security without realising it. Many NZ banks provide physical security tokens – little plastic keyfobs that generate numbers – or offer other methods to add another layer of security to internet banking activity.
The most popular method now offered by many providers is to send a ‘one time password’ (OTP) – a string of numbers or other short code – to the mobile phone number that is associated with the account holder.
Whilst this may sound like unnecessary complexity, NetSafe records many cases of hacked accounts every month where poor password practice might be to blame.
Setting up two factor security could prevent someone gaining access to your email address to send out spam and scam messages to friends and family or taking over your social media accounts to abuse others or rack up advertising costs on your linked credit card.
Adding another layer of security can also help defeat common phishing tactics should you accidentally send your username and password to a scam site operator.
Securing your most important accounts by linking your mobile phone number can take just a few minutes to set up and can often be used to alert you to odd account activity and prevent new devices being used to get access until they are approved by you.
- See what companies support ‘2FA’ online.
- Review your Facebook security settings and set up Login Approvals to link your mobile with your account for texted codes.
- Learn how to use login verification on Twitter.
- Secure your Google Account and Gmail with 2-Step Verification.
- Add two-step verification to your Microsoft account.