SiteSuite - Website Design Sydney
2FA
Two Factor Authentication

What is 2FA?

It provides an extra layer of security on logins, typically via an app such as MyGov or via an auto-generated SMS to your phone. Typically this is a 6-digit numeric code you need to enter to complete your login process.

Is there any difference between using the app and SMS methods?

The app method is more secure as it doesn't rely on the telephone network. If you lose your phone, the SIM card still holds your phone number, so any SMS sent to it can be received on another phone. Accordingly there will be a vulnerable period between getting your old number cancelled and your new phone number updated.

How big is the risk?

The risk is real; several years ago we had a client whose PC was hijacked by a bad actor. They added an additional page to her website requesting clients re-enter their credit card details to verify their purchases. The credit card information was then harvested for fraudulent purposes. Luckily this client had regular purchasers and it was uncovered quickly; however, all her order history and clients' details would have been harvested in addition to the credit card scam.

While it can be very hard to change SiteSuite website code, it is easier on WordPress. Accordingly, cleaning a website after a successful hack can be time consuming, as you either need to audit all the code to be safe or start with a fresh install and migrate over the content.

Depending on what information is kept on the website, you may also be exposed to a ransomware attack.

Will the lack of using 2FA impact on my insurance?

This is the unsolicited response from one of our clients who is an insurance broker. "Good to see you on it. As of next year (2023) a lot of the insurers will have this as a minimum to hold the insurance for Professional Indemnity, Public Liability, and Cyber insurance."

What devices can I install the 2FA app on?

Any phone or tablet (iOS or Android), or a PC.

How do I tell my clients I'm going the extra mile for them?

We've designed an icon that can go into the footer of your website to highlight that your site uses 2FA and is more secure.

2FA icon for more secure websites

How do I pay for 2FA set up and are there any ongoing fees?

For SiteSuite clients there is a modest single upfront charge, and any ongoing maintenance will be included in the general monthly support charge. For WordPress clients there is a lower upfront charge and an ongoing monthly fee to cover the cost of the premium plug-in we use.

What is TOTP?

This is the abbreviation for Time-based One-Time Passwords, a common form of two factor authentication standardised in RFC 6238. Unique numeric passwords are generated with a standardised algorithm that uses the current time as an input, so each code is only valid for a short time window. The time-based passwords provide user friendly increased account security when used as a second factor. For those who want to take a more in-depth look you can check it out here: https://en.wikipedia.org/wiki/Time-based_one-time_password

How easy is the install process?

We are putting together very simple training instructions for the various devices that the app can be installed on. Plus, our staff will be available to step you through the process as required. Once the app is set up locally with each user, we then need to create the "handshake" (typically done via a QR code) between the app and your website's login process.
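To show what the TOTP algorithm above and the QR code "handshake" actually do, here is an added worked example in Python. It is not SiteSuite's code or the WordPress plug-in's code; it implements HOTP (RFC 4226) and TOTP (RFC 6238) directly from the standard library, assumes the common defaults (HMAC-SHA1, 6 digits, 30-second steps), and builds the otpauth:// URI that authenticator apps read when they scan the enrolment QR code. The verification routine shows the two checks a website must do on its side: tolerate a small amount of clock drift, and refuse a code that has already been used. The secret in the demo is the published RFC 6238 test-vector secret, not a real key.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import quote


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte selects a 4-byte window
    code = ((mac[offset] & 0x7F) << 24            # mask the sign bit
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def time_step(at: float, period: int = 30, t0: int = 0) -> int:
    """RFC 6238: the HOTP counter is the number of whole periods since t0 (Unix epoch)."""
    return int((at - t0) // period)


def totp(secret: bytes, at: Optional[float] = None, period: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """Code the authenticator app displays for the given moment (default: now)."""
    if at is None:
        at = time.time()
    return hotp(secret, time_step(at, period), digits, algorithm)


def verify_totp(secret: bytes, submitted: str, last_used_step: Optional[int] = None,
                at: Optional[float] = None, window: int = 1, period: int = 30,
                digits: int = 6, algorithm=hashlib.sha1) -> Optional[int]:
    """Server-side check. Returns the matching time step, or None if rejected.

    - Accepts +/- `window` steps so a phone whose clock drifts slightly still works.
    - Never accepts a step at or before `last_used_step`, so a code captured by an
      attacker cannot be replayed inside its validity window (the caller persists
      the returned step per user).
    - Uses hmac.compare_digest so the comparison time does not depend on the input.
    """
    if at is None:
        at = time.time()
    current = time_step(at, period)
    for step in range(current - window, current + window + 1):
        if last_used_step is not None and step <= last_used_step:
            continue
        if hmac.compare_digest(hotp(secret, step, digits, algorithm), submitted):
            return step
    return None


def provisioning_uri(secret: bytes, account: str, issuer: str,
                     digits: int = 6, period: int = 30) -> str:
    """otpauth:// URI encoded into the enrolment QR code (Base32 secret, no padding)."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={period}")


if __name__ == "__main__":
    # Published RFC 6238 test-vector secret (ASCII "12345678901234567890"); not a real key.
    rfc_secret = b"12345678901234567890"
    print("QR payload:", provisioning_uri(rfc_secret, "alice@example.com", "ExampleShop"))
    print("Code at t=59 (8 digits):", totp(rfc_secret, at=59, digits=8))   # RFC vector: 94287082
    step = verify_totp(rfc_secret, "94287082", at=59, digits=8)
    print("First use accepted at step", step)
    print("Replay rejected:", verify_totp(rfc_secret, "94287082", at=59, digits=8,
                                          last_used_step=step) is None)
```

In practice the website stores the per-user secret (encrypted at rest) and the last accepted step; the phone only ever holds the secret it scanned from the QR code, which is why the app method keeps working even when the SMS channel is unavailable.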

Are any credit card details kept on my website?

No. All our payment gateways for both SiteSuite and WordPress are set up to ensure no credit card details are kept in any website databases, including our back-of-house servers.

What software are you installing 2FA on?

The SiteSuite CMS and WordPress. If you have a WordPress site, you don't need to be an existing client for us to install 2FA for you.