What is two-factor authentication?
Also known as 2FA or multi-factor authentication, it is a method of identity verification using two different components, such as a password and a security token or one-time pin (OTP) sent to your mobile device. This method combines something you have (a token or OTP) with something you know (a password). Two-factor authentication is more effective in securing account access than a password alone, making it more difficult for criminals to access your data and accounts.
Scammers often use malware, phony websites, and other methods to crack a password. Many people use the same password on multiple websites and 46% use passwords that are at least five years old. In addition, 64% of millennials have had their online and mobile accounts compromised. More than three billion usernames and passwords were stolen in 2016, and Business Insider reported in November 2017* that there are 1.9 billion stolen passwords and usernames available on the black market, and up to 25% of them will still work on a Google account.
2018 certainly isn’t much better, with daily reports of passwords and user identities being hacked at many high-profile organisations, including the British National Health Service, British Airways, and Liberty Life in South Africa, to name just a few.
So what can you do to help secure your data?
CaseWare has revolutionised the way you manage your engagement information online with the help of CaseWare Cloud. To ensure that your information and other related data on CaseWare Cloud remains well protected, CaseWare introduced two-factor authentication to provide an additional safeguard to users when they log in.
It also works with CaseWare Working Papers when you integrate it into your instance of CaseWare Cloud. This means that you and everyone in your team who has access to your cloud do not need to set up a separate username and password. Simply use your CaseWare Cloud credentials.
How does it work?
Two-Factor Authentication is a security feature that requires you as a user to supply three things when logging in:
- Your CaseWare Cloud username
- Your password
- A once-off One Time Pin (OTP), sent as a text message (also known as an SMS) to the user's mobile phone.
Users will supply their login username and password, which will trigger Two-Factor Authentication. A screen will prompt the user to refer to a text message, sent to their mobile phone, that contains their OTP. Once this OTP is entered, the user gains access to their CaseWare Cloud profile. This method helps to ensure that you are the only person who can access your CaseWare Cloud account, even if someone else manages to get access to your password.
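The second step of the login described above, seen from the server's side, as an added example (not CaseWare's code): the OTP is issued only after the password check passes, and it stops working once it has been used. The class name, the five-minute validity window and the three-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window for a texted OTP
MAX_ATTEMPTS = 3       # assumed number of wrong guesses allowed per OTP


class OtpLogin:
    """Hypothetical server-side handling of the OTP step of a 2FA login."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # username -> [sha256(otp), expiry time, attempts left]
        self._pending = {}

    @staticmethod
    def _digest(otp):
        # Keep only a digest in memory, never the OTP itself.
        return hashlib.sha256(otp.encode()).digest()

    def issue(self, username):
        """Call only after the password was accepted; returns the OTP to text."""
        otp = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
        expires_at = self._clock() + OTP_TTL_SECONDS
        # Issuing a new OTP replaces (and so invalidates) any earlier one.
        self._pending[username] = [self._digest(otp), expires_at, MAX_ATTEMPTS]
        return otp

    def verify(self, username, submitted):
        """True only for the current, unexpired, not-yet-used OTP."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[username]  # expired
            return False
        # Constant-time comparison avoids leaking how much of the guess matched.
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[username]  # single use: a replay now fails
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[username]  # too many wrong guesses: start over
        return False
```

A stolen password alone never reaches `verify` with a valid code, and an OTP read off the phone later is useless once it has been used or has expired.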
How does my CaseWare Administrator activate this security feature?
Your company’s CaseWare Cloud Administrator (who can be the CaseWare champion as well) will enable Two-Factor Authentication on your Cloud instance via the settings menu. In addition to ensuring that this feature is enabled, he/she will also need to ensure that all users have the correct mobile phone number captured on their profile. This is because Two-Factor Authentication will use each user's mobile number to send text messages containing the secure OTP for logging in.
What else can I do to protect my data?
A simple starting point is to change your passwords, and to do so regularly! Passwords are identified as a very weak means of authentication, especially when used as the only protection against phishing attacks.
What you really need is a second factor of authentication. That's why many internet services, a number of which have felt the pinch of being hacked themselves, have embraced two-factor authentication for their users. Global organisations including Yahoo, Google, Facebook and many financial institutions have all embraced the two-factor authentication system.
Biometric systems**, which include fingerprint scanners, retinal scanning and face recognition systems, are also growing in use due to innovations including the iPhone X's Face ID and Windows Hello. In most cases, including two-factor authentication for your Google account and other popular services, the second factor is simply a numeric OTP: a few digits sent to your phone, which can only be used once.
Many online services such as Dropbox, Facebook, Google and Instagram let you create backup OTPs, which you can print out or screenshot. That way, if you lose your phone or don't have a cell signal, you can use a backup OTP as a second authentication factor to log in. If you keep printouts of your backup OTPs, just make sure you keep them in a very secure place.
Is two-factor authentication the security silver bullet for safe data?
No security product can claim to offer foolproof protection, but by combining two of the above three types of authentication, and changing your passwords regularly, two-factor authentication makes it harder to get into your account. You not only make your accounts more difficult to attack, but you also make them less attractive targets.