To help improve cyber security, IT teams are increasingly asking for two-factor authentication (2FA) to be available on online accounts accessed by employees. But what is 2FA and how does it work?
What is two-factor authentication (2FA)?
Two-factor authentication – sometimes referred to as multi-factor, two-step or dual-factor authentication – is an extra layer of protection used to make sure online accounts are secure beyond just a username and password.
2FA strengthens the username and password model with a code that only a specific person (you) has access to. Typically the code is sent to something you have to hand, like a mobile. This authentication method can be easily summed up as a combination of “something you remember and something you have”.
Two-factor authentication is a combination of something you remember and something you have
A classic example of 2FA that we’ve been using for decades without realising is withdrawing money from a cash point. You need your bank card (something you have) and you need to enter your PIN code (something you remember) to be able to access your money.
But, as we now do most of our activity online, this process gives web services and online accounts extra protection by providing a second verification of the account owner (you) to double-check a login attempt. Normally this will involve a phone number, email address or authenticator app.
2FA is becoming increasingly popular and many online accounts are already using it, for example: online banks, AirBnB, Instagram, Amazon and Paypal, just to name a few.
How does two-factor authentication work?
You still login to your online account as you usually would using a username and password. You then use your device (such as a mobile) to verify your identity by either entering a unique code sent by an authenticator app/text message or clicking on a texted/emailed link.
Is two-factor authentication secure?
In short, yes. It provides an extra layer of protection to the standard username and password login. And as hackers learn new tricks, an extra step of security is always preferable. So even in the unlikely event someone managed to guess/know your username and password they still wouldn’t be able to access your online account as they don’t have access to the second trusted device.
It’s important to remember, while 2FA is a great additional step in protecting your account from being accessed by someone it shouldn’t, it doesn’t completely cloak you from potential hackers. So it’s important to stay aware when accessing personal information online.
Using two-factor authentication for employee communications
As organisations move their communications online – including employee communications – IT teams are increasingly asking for two-factor authentication to be added to internal accounts accessed by employees that have financial or personal information. Employee documents such as online payslips, P60s and reward statements all contain sensitive information that is valuable to hackers. So protecting this information is vital.
Two-factor authentication is available for our online employee communications portal, Epay. As mentioned before 2FA uses two different things to authenticate a person:
- Something a person remembers
- Something a person has
So for Epay, the thing an employee remembers is their username and password. The thing an employees has is a device (such as a mobile). This device will need an authenticator app installed on it which will receive a unique token generated by Epay and therefore linking the two together.
Epay’s 2FA will work with any authenticator app, but if you want to recommend any we use ‘Authy’.
Epay has three options for setting up 2FA:
- Enabled – employees can choose to replace security questions with 2FA if they want to
- Disabled – 2FA is not available for any employee
- Forced – employees have to use 2FA
Because our Epay portal is already protected by strong security defences, our advice is to let your employees decide whether they want to add two-factor authentication to their Epay portal. 2FA is a great security enhancement, but some employees, who are less tech-savvy, might struggle to use it, get frustrated and decide to not log in to Epay and not read the important documents and information you’re sharing.
We’d be more than happy to discuss with you how two-factor authentication works for our online employee communications portal, Epay. Book a no-obligation Epay demo here.