Secure passwords alone can’t protect your private data in today’s world of cyber-attacks, as cybercriminals continue to step up their game and find ways to circumvent online security systems.
Recently, 1.2 million customers’ personal information and identification documents were stolen from the telecom giant Optus in one of the Australia’s biggest cybersecurity breaches. It’s estimated that approximately 40% of Australia’s population has been affected by this breach, which was traced to an anonymous online account.
Another recent data breach, this time closer to the real estate industry, occurred when a Harcourts rental database of tenants and landlords personal information was accessed by an unauthorised source, potentially leaking the personal details of hundreds of people.
How can such attacks be avoided?
Companies will often implement multiple layers of security, but the last line of defence your login details are hardest to protect. Think of it as your front door: you’ve locked the screen door and entry door, but leave the keys in the lock on the outside, and those doors suddenly aren’t very secure – and passwords are no different. Share your password or leave it lying around written down on paper, and suddenly it isn’t very secure.
Adding another layer of security to the login process is critical, and this is where 2-factor authentication (2FA) comes in.
Two-factor authentication: what is it?
Two-factor authentication, or 2FA for short, is an additional authentication method used by websites and online applications, like iDashboard. You will have experience 2FA before if an online service has ever sent you a 6-digit code via SMS or email to access to your account, such as online banking or MyGov.
In addition to asking for your password, 2FA helps verify you are authorised to access an account by providing a code through your phone, a physical device that you have, but an account attacker doesn’t. Security codes are usually a one-off code, valid for 60 seconds, that is needed to proceed with logging into a website or application.
Authentication apps are one way to achieve 2FA, and they continuously generate temporary 6-digit security codes every minute, using security keys specific to an individual user.
What makes two-factor authentication so important?
You can prevent some of the most common security problems by implementing two-factor authentication.
The likelihood of your account getting randomly hacked is low-to-medium, but the risk increases significantly if you share passwords, or re-use the same password across multiple websites and applications. In 2012 6.5 million plain-text passwords were leaked from LinkedIn, providing hackers with the email addresses and passwords for millions of other online accounts, since users were re-using the same password across different websites.
Two-factor authentication helps in a scenario like this, by making sure that your online accounts can’t be accessed with a username and password alone.
Here’s why you need 2-factor authentication:
Hackers frequently attack online accounts.
A lot of databases on the dark web contain information about previously hacked websites and services. In these databases, usernames and passwords are typically stored in large quantities, and in some cases passwords are plainly visible or are ‘encrypted’ with poor methods that are easily decrypted.
Many people use the same password for every website.
Most people use the same password for most of their online accounts, which is why two-factor authentication is necessary. Password managers that generate unique and complex passwords are becoming increasingly popular, but they are not as prevalent as they need to be. In the absence of two-factor authentication, hackers can gain access to your account if they know the username and password.
iDashboard 2FA:
Two-Factor Authentication (2FA) is available in iDashboard to provide an extra layer of security when logging into your iDashboard account. It is currently optional on iDashboard, however 2FA will become mandatory in the future, so we encourage all users to start using 2FA now.
2FA in iDashboard requires an authenticator app installed on your phone. We recommend using either Google Authenticator, Microsoft Authenticator, or Authy. All recommended apps can be found for free on the Google Play Store for Android, and the Apple App Store for iPhone (there are a lot of authenticator apps out there, and the best ones are free, so don’t get caught out by some that want you to pay a subscription fee).
If you already use an authenticator app for other services, you can continue using this for iDashboard as well.
2FA is enabled on a per-user basis, and we recommend that all users have their own iDashboard login and password before activating 2FA on their account.
Once 2FA is activated for your account, you will be required to enter a 6-digit code each time you log in to iDashboard.
How To Activate 2FA
Go to Admin & Account Settings > Employees and click on the employee record you would like to activate 2FA on.
Click on the 2-Factor Auth tab.
Follow the instructions provided in the 2-Factor Auth tab to enable 2FA for your account. You can find out more, include full step-by-step instructions on our help desk at https://help.iproperty.com.au/hc/en-us/articles/5733476922511-Enable-Two-Factor-Authentication-2FA-
What else can be done?
Ensure each of your team members who need to access iDashboard have their own account, with their own username and password (with 2FA enabled!). Avoid sharing passwords. Regular office accounts have no limits on the number of people who can be setup, so there is no excuse for sharing passwords.
Ensure you have Roles setup correctly, and team members are assigned to their appropriate role. Roles are like security groups, and controls what a user can and can’t do. For example, if a user doesn’t need the ability to export your entire contact database, then Roles prevents them from doing this.