Xero

-

July 9, 2021

Understanding Two Factor Authentication

Shane Scott (our resident innovation guru) explains what two factor authentication is and why you should use it everywhere you can.

Shane Scott

Head of Process Technology

A little while ago I wrote a blog post where I explored why reusing passwords across websites is a terrible idea, and how password managers can help in managing our ever growing catalogue of online accounts. If you haven't read it, and like immature jokes made by an accountant (who doesn’t?), I highly recommend going back and giving it a read.

Well this time, I'm going to take two minutes of your time to explain what is two factor authentication, and why you should use it everywhere you can.

Let's start by going over a process everyone should be familiar with, logging into an Xero. When you log into Xero, it asks for two things, namely your email address, and password. For most of us, we wouldn't think twice about this until the day some hackerman hacks our online accounts (which is technically social engineering, a discussion for another time).

However, if we consider ahead of time that behind those two not so long strings of letters, is some of our most personal financial information, you start to reconsider how secure that password (you definitely don’t use anywhere else) really is. Especially considering that nobody knows your dog's name is Fido and you were born in 1993 (woo class of 2011)...

The system of logging in with a username and password can effectively be called one factor authentication. We authenticate by providing one thing to prove that it's who we say it is (our password). This is where two factor authentication comes into play. What two factor authentication (2FA) does to make this more secure, is by asking for something you know (password), and then for something you have. In most cases, the something you have will be a code generated by your phone that resets every 30 seconds.

That all sounds simple enough, but how is plugging in two strings of letters and numbers more secure than one? Let me run you through a scenario we can all relate too. Imagine we are over at a friends house, and we realise that we haven’t checked facebook in the last 3 minutes, and our phone is out of data. In such extreme circumstances, it is only natural to immediately steal your friends laptop and login to facebook to check that in fact the world hasn’t ended (phew that was close).

Inevitably, we wake up the next day to find that our name on facebook is now Shane Scottnofriends and our birthday is today (lucky me?). In the panic of the night before, we didn’t realise that Google Chrome had gone ahead and saved our facebook password to our friends computer.

Now, if we had 2FA turned on for our facebook account, even though our so called friend could try and login with our password, they would get nowhere without something we have (our phone).

Well why don’t we just use our phones to login all the time, and not use these silly passwords? Well that doesn’t work to great either when we leave our phone at the local and old mate Mick the bartender decides you didn’t tip him enough.

By using something we know hand in hand with something we have, we are able to beat 99% of wood be hackers.

Well, that wasn’t quite two minutes. But i hope that most of you will have a better appreciation for what Two Factor Authentication (2FA) is, and why you should use it in every place you can. If you have any questions about setting it up for your accounts, feel free to get in touch with me (Shane), or anyone else on the illumin8 team.

Xero

Xerocon 2023 Wrap!

Xerocon 2023 has been and gone and now and now it's time for our team to let you know a little about what they learned for you!

by Illumin8

Your Local Accountant

Xero

Xerocon. Part Two!

Part one was all about the speakers, this time, it's all about the tech! Check out the tech that peaked our teams interest at Xerocon.

by Illumin8

Your Local Accountant

Xero

Xerocon. Part One!

We hit up Xerocon a few weeks ago, so here's what we learned from some of the keynote speakers at the conference!

by Illumin8

Your Local Accountant

SIGN UP FOLKS

Get our monthly newsletter, full of sweet tips.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Andrew from Illumin8

If it sounds like we might make beautiful business together, why not get in contact and discuss your accounting and bookkeeping options with our team.

*PLEASE NOTE* We are currently only taking on clients that operate a business at this time. If you are on the lookout for an accountant to look after your individual return, we can connect you to a couple that we think are ace! 

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.