Which of the following is the best description of two-factor authentication cyber awareness

Friday marks the end of Cyber Week at Commonwealth Bank (24 to 28 October), an opportunity to help our customers boost their cyber security. It comes at the close of the nationally recognised Cyber Security Awareness Month, when all Australians are reminded to stay safe online.

“Cyber security is a year-round priority at Commonwealth Bank, and ongoing events highlight the importance of getting cyber basics right — things like creating strong passwords, keeping devices and apps up to date, and understanding how and where data is stored,” said Commonwealth Bank’s Chief Information Security Officer Keith Howard.

A focus of Cyber Week in 2022 is the Small Business Cyber Security Guide, a free new resource created by the Australian Cyber Security Centre (ACSC) that helps businesses prepare for and act against online threats.

“It's important that across industry and government we continue to work together to de-mystify cyber. That’s why we’re pleased to provide a simple cyber security guide with easy-to-follow advice that will help small businesses improve their cyber defences,” said Mr Howard.

The guide is designed to help businesses implement simple measures to prevent common online security incidents, with an overarching message that getting online security up to standard isn’t prohibitively expensive or time-consuming  — rather, protection comes from good habits and education.

“A cybercrime incident is reported to the ACSC every 8 minutes. We see the impact of cyber security incidents each and every day, on individuals, small businesses and large companies,” said Dr Derek Bopping, First Assistant Director-General Cyber Engagement and Strategy at the Australian Cyber Security Centre. “We are pleased to work with the Commonwealth Bank and hope this guide is well used by their nearly 1 million small business customers this Cyber Week and all year round.”

Some of the key advice in the guide includes:

Multi-factor authentication (MFA)

One of the simplest and most effective ways to protect against unauthorised access, MFA is a security measure that requires two or more proofs of identity. For example, in addition to providing a password, a user must also use an authenticator app, and/or a fingerprint. MFA makes it much harder for criminals to attack a business, because even if they manage to steal one proof of identity (such as a password), they still need to obtain other proofs to gain access.

Keeping tech updated

The guide provides an overview of how to audit hardware and software to make sure everything is up to date. Things like automatic updates can help a business maintain its defences, but backing up data is equally important if something goes wrong.

Training your team

The people in a business can be the best defence or weakest link against online threats. The guide itself is a great educational tool for business owners and their teams, but additional regular training can also help everyone feel confident in their role in keeping the business safe. CommBank’s free webinars on staying safe online can help business owners get started.

To download the guide and find out more about scam and cyber security protection for your business, visit: commbank.com.au/business-security

Two-factor authentication (2FA) is a security system that requires two distinct forms of identification in order to access something.

Two-factor authentication can be used to strengthen the security of an online account, a smartphone, or even a door. 2FA does this by requiring two types of information from the user—a password or personal identification number (PIN), a code sent to the user's smartphone, or a fingerprint—before whatever is being secured can be accessed.

• Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something.
• The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.
• While 2FA does improve security, it is not foolproof.

Two-factor authentication is designed to prevent unauthorized users from gaining access to an account with nothing more than a stolen password. Users may be at greater risk of compromised passwords than they realize, particularly if they use the same password on more than one website. Downloading software and clicking on links in emails can also expose an individual to password theft. 

Two-factor authentication is a combination of two of the following:

• Something you know (your password)
• Something you have (such as a text with a code sent to your smartphone or other device, or a smartphone authenticator app)
• Something you are (biometrics using your fingerprint, face, or retina)

2FA is not just applied to online contexts. It is also at work when a consumer is required to enter their zip code before using their credit card at a gas pump or when a user is required to enter an authentication code from an RSA SecurID key fob to log in remotely to an employer’s system.

Despite the slight inconvenience of a longer log-in process, security experts recommend enabling 2FA wherever possible: email accounts, password managers, social media applications, cloud storage services, financial services, and more.

Apple account holders can use 2FA to ensure that accounts can only be accessed from trusted devices. If a user tries to log in to their iCloud account from a different computer, the user will need the password, but also a multi-digit code that Apple will send to one of the user's devices, such as their iPhone.

Many businesses also deploy 2FA to control access to company networks and data. Employees may be required to enter an additional code to sign into the remote desktop software that allows them to connect to their work computers from outside the office.

While 2FA does improve security, it is not foolproof. Hackers who acquire the authentication factors can still gain unauthorized access to accounts. Common ways to do so include phishing attacks, account recovery procedures, and malware.

Hackers can also intercept text messages used in 2FA. Critics argue that text messages are not a true form of 2FA since they are not something the user already has but rather something the user is sent, and the sending process is vulnerable. Instead, the critics argue that this process should be called two-step verification. Some companies, such as Google, use this term.

Still, even two-step verification is more secure than password protection alone. Even stronger is multi-factor authentication, which requires more than two factors before account access will be granted.

Multi-factor authentication (MFA) is one of the most effective ways to protect your valuable information and accounts against unauthorised access.