Using Two-factor Authentication

Insurance expert using a mobile phone with Two-Factor Authentication

Cyber-security is an essential part of risk management for organisations of all types and sizes. To avoid the potential consequences of a cyber-attack or data breach, employers should strongly consider utilising two-factor authentication.

Two-factor authentication provides an extra layer of security when employees or other users attempt to log in to an organisation’s services, systems or networks. In addition to being asked to enter a password, two-factor authentication also requires a second form of confirmation—even strong passwords can be stolen by hackers. Without a second form of proof being required, these cyber-criminals could potentially gain access to important accounts, private systems, customer files and other sensitive information.

There are a number of different options to consider when it comes to implementing two-factor authentication, including:

  • Text messages—By providing a mobile phone number, online services can send users a code that must then be entered to finish the login process. Some services may also be able to provide a voice message instead. It’s worth noting that text messages may not be the safest form of two-factor authentication, as it’s possible for cyber-criminals to gain access to a mobile device, SIM card or mobile network.
  • Authenticator apps—These apps for mobile phones or tablets are the most common alternative means of two-factor authentication aside from text messages. These apps, such as the Google Authenticator and Microsoft Authenticator, are compatible with many different online services. This option may be advantageous for some employers as, unlike text messages, they do not require a mobile signal.
  • Backup codes—Some online services will provide users with a list of backup codes to use for future logins. This method may be useful if users expect not to have reliable access to a mobile phone. While using this type of two-factor authentication, users should note that each code can only be used once. Lists of backup codes should be stored in secure locations. If a list were to fall into the wrong hands, security would be severely compromised.


The National Cyber Security Centre recommends organisations at least set up two-factor authentication for any ‘high value’ accounts that protect important information. It’s also recommended that email accounts be protected in this manner. Cyber-criminals who hack into an email account may then be able to use that access to reset passwords for other services.


For more information on cyber-security, contact us today.