Why we need to embrace 2FA/Multi Factor Authentication Artwork

Need help - Ask Roger

The complex world of protecting your organisation from the internet-based cybercriminal can be daunting for most.As a C-level executive, manager, owner or board member of a not-for-profit organisation, a charity or a small or medium enterprise you are faced with a number of issues related to data.This podcast is here to help you, from simple solutions to complex strategies. It will address as many as possible.Business is all about risk, revenue, brand and productivity.A cyber event can impact all of them.

All Episodes

Need help - Ask Roger

Why we need to embrace 2FA/Multi Factor Authentication

November 08, 2021 • Director • Season 1 • Episode 2

Last episode we focused on the dreaded password

Where did they come from

Why do we use them,

Why they are important for protecting your stuff

What they are made up of and what not to use.

This episode of the Just the basics - Ask Roger we will focus on the addition of a third level of protection around your internet based sites and services

Access to every account has a username and password - who you are and what you know

The third layer is what you have and that is called multi factor authentication or 2 factor authentication

In the same area is also the wonderful capture system.

Username and password and now prove that you are human by answering this little puzzle - traffic light, hills which animal is the right way up.

Then there is the next one - how can a tick in a box prove that I am not a robot?

So this episode we are going to focus on 2 factor, multi factor authentication and captcha

Multi factor authentication

Why do we need another layer of authentication

Password stealing

Scams

MITM attacks

A warning system for criminals accessing your account

What is 2 factor / Multi factor Authentication

A technology that allows for a third level of information to gain access to an account

SMS,

authentication app,

dongle

How does it work

Association with an account

SMS - put in your mobile number

Authenticator app - usually a Qrcode

Dongle - set up by the organisation

Which way is best

All systems have vulnerabilities

Each has its own use

SMS can be used on non smart phones

Where does capture come into this

This is to counteract the automated systems

Used to prove that it is a human

You have to pick the 3 or 4 things that are right

The other one - I am not a robot relies on the browser content

Dos and don'ts

Do set up 2 FA

Do add 2FA to your accounts - website,

Do use 2FA on all admin accounts

Do not - Never give away the code

Do change your password if you receive a code and it was not you

If more than 2 people need access there are ways to set it up

Summary