
Two-factor authentication (2FA) is a strengthened method for securing your access to and use of internet banking, and is now an essential part of security for personal finances in Malaysia.
The process requires the user to supply two forms of identity. One of these is often a tangible token that creates a one-time password. The second is usually something you memorise, such as your username, password, or organisation ID.
2FA is crucial to web security as it reduces the risks connected with compromised passwords. Even if a password is stolen, phished, or guessed, the password alone will not grant someone access without second-factor authorisation.
Some authorities are considering making selected industries comply with 2FA requirements, while others may follow suit as concerns about cybersecurity continue to rise and cyberattacks become more frequent.
Even if it’s not mandated, regular password management can help stop intruders from accessing password-protected data within your company, ensuring the secrecy and integrity of its credentials.
Organisations should consider drafting a company-wide policy that requires employees to regularly update their passwords, refrain from using the same password for several accounts, and include distinct characters.
Common 2FA approaches
1. SMS 2FA
When you enable 2FA via SMS messaging, you will be prompted to enter a mobile phone number on a website or app.
The next time you use your username and password to log in, you’ll also be required to enter a short code – often five or six digits – that will be texted to your phone.
This option is popular with websites as it doesn’t call for the downloading of an app. Compared with merely using a username and password, it offers a huge improvement in account security.
2. Authenticator apps / TOTP 2FA
An authenticator app is usually installed on a smartphone and generates a six- to eight-digit code every 30 seconds, which can then be used to sign in. This is also known as a time-based one-time password (TOTP).

Microsoft Authenticator, Google Authenticator and FreeOTP are just three examples of authenticator apps, which offer various approaches to securing your account information including two-step verification and TOTP.
Certain websites also generate TOTP, which will be sent either to your mobile phone or to your registered email address for authentication.
3. Push-based 2FA
Some systems, such as Apple’s Trusted Devices approach and Duo Push, can send a login prompt to one of your devices. This popup will reveal that someone is trying to log in and will also provide an estimated location.
You are then able to allow or reject the attempted login.
Banks also often offer push-based 2FA where you will need to use the app to approve or reject transactions, particularly those that are carried out on different devices or browsers.
Why activate 2FA?
In addition to being crucial to web security, 2FA actively involves users in the process of staying secure, and fosters an environment where users become informed participants in their own digital safety.
In other words, a user must respond to the query “did I initiate that, or is someone attempting to access my account?” when they receive a 2FA message.
With 2FA, users and administrators work together to secure transactions, as opposed to passive security techniques that don’t include users as partners.
This article was written by MyPF.