Two-factor authentication: why you need it and how to add it

Data security is one of the biggest concerns for TIMIFY customers, regardless of their size or which industry they’re working in.

In a series of articles, we focus on the security functions in constant development to ensure the highest level of protection at the greatest convenience for our clients.

Here we look at the long-standing username and password as a security method, and why it is no longer fit for purpose in any business holding sensitive data.

Username and password doesn’t work

Research shows that two-thirds of people use the same password for all their accounts, while 90% of passwords can be cracked in less than six hours.

While this may have been due to ignorance in the past, the majority of online users today are well aware they should be employing stronger passwords for their account access.

But with the average person having over 100 different online accounts registered to their personal email address, many just choose convenience over the security risk.

And that’s just passwords for personal accounts. When it comes to logging in to work accounts several times a day, many more people will choose something quick and easy to remember.

This should be enough to tell any business holding sensitive data that usernames and passwords have long since been an effective security measure.

Why two-factor authentication is the answer

Even if ‘two-factor authentication’ or ‘2FA’ is not familiar terminology, it is familiar technology for any online user.

It involves adding an extra step in account authentication beyond the username and password – usually by sending an instant password or code to your phone or email (though it could also involve biometric data such as your fingerprint or face scan).

That way, even if a hacker has your login data, it’s highly unlikely they will also be able to intercept an additional security code sent this way.

From Google, PayPal and the social media giants to your banking apps and social security services, 2FA methods have become simple, highly effective and, therefore, commonplace.

"An SMS code sent to a recovery phone number helped block 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks."

- Google Security Blog

The fact it has been implemented by so many different companies shows that this level of protecting account access has become a standard, rather than an extreme.

How to do it with TIMIFY

Two-factor authentication can be activated in all TIMIFY products, from the web, tablet and mobile apps to Branch Manager.

In Branch Manager you can choose to apply 2FA to all your global locations, or to individual branches.

Once enabled, users will then need to download an authentication app to their phone (Google Authenticator, Last Pass, Free OTP are popular options) and will use this to verify each login with a unique code.

It’s that simple to significantly strengthen the login security for your TIMIFY account. For step-by-step installation instructions, read:

How to Set up Two-Factor Authentication (2FA) for your Account

TIMIFY Branch Manager: How to Set up and Manage Two Factor Authentication (2FA)

For any further installation support or queries regarding 2FA, contact our team!