Unleashed is implementing 2-step authentication (2SA) from 12 October. Here you’ll find out why we’re making the move, what it means for our users, and how stronger security will benefit them.
What is 2-step authentication?
2-step authentication, sometimes referred to as two-factor authentication/verification or dual-factor authentication, is a security process that adds a second level of authentication to an account log-in. You use a single-factor authentication when you only have to enter your username and one password.
2SA requires users to have two out of three credentials before accessing their account:
- Something they know, such as a PIN, password or pattern
- Something they have, such as an an authenticator app, security token or fob
- Something they are, such as fingerprint scans or voice recognition
More companies are starting to use 2SA to protect their users’ credentials from being used by hackers who have stolen a password database or used phishing campaigns to obtain user passwords. You’ve probably come across 2SA before. Dropbox, Facebook, Whatsapp, Amazon, Google, Instagram and a whole bunch of other apps use 2SA.
Apple’s two-step authentication
How does 2SA work?
2SA adds another layer of security. Here’s how it works:
- The user logs in with what they know, usually their username and password. The site’s server finds a match and recognises the user
- The site then prompts the user to enter the second login step. This can be through an authentication app, security token or any other credential
- After successfully providing both factors, the site grants access to the user
If you receive a temporary access code for an account you weren’t trying to log into, someone could have your password and is trying to access your account. Change your password immediately.
Why is Unleashed moving to 2SA?
A majority of passwords aren’t good enough — 90% of employee passwords can be cracked in six hours. Unleashed Software is implementing 2SA to protect our users.
Maintain security standards
As cybercrime gets more sophisticated, Unleashed wants to protect our users’ sensitive business data. Passwords are often weak or reused across multiple accounts. 2SA protects your account from being accessed with just a password.
Keep up with requirements
Unleashed-integrated apps like Xero and Shopify have all enabled 2SA so we want to keep your data coming in and going out of Unleashed safe across all your cloud-apps. Plus, some government bodies like the Australia Tax Office require cloud apps like Unleashed to use 2SA.
Avoid data loss nightmares
2SA makes it harder for attackers to access your account and your business data. Data breaches have long-lasting impacts on your business: revenue loss, damage to brand reputation, business data loss, and more.
Reduce the risk of fraud
Imagine a disgruntled ex-employee uses the login details for a shared inventory management account and they start creating unnecessary purchase orders and deleting customer details. Even though they have done these actions, your company will need to bear the responsibility of paying for the purchases or getting back in touch with the customers. In order to prevent fraudulent activity, you need to make sure your accounts are well protected.
The fewer walls you have, the more vulnerable you are. Sharing account information of any kind is a guaranteed way to compromise your account security. It leaves you vulnerable to identity theft and erodes your customers’ trust. An attacker can use your business details to purchase goods and services, access your systems and other apps, and more. You might not realise your identity has been stolen until much later, such as when you get invoiced for things you didn’t order.
How will 2-step authentication affect me?
There’s more than one way to protect your business. 2SA adds another step to your login process but the peace of mind is worth it.
With an added layer of security, 2SA does improve protection but it’s not impervious to attackers. As cybersecurity improves, Unleashed will continue to use the most relevant methods to protect our users.
How do I set 2-step authentication up in Unleashed?
From 12 October, users with access to the organisation settings will be able to switch on 2SA in Unleashed. This will immediately prompt users to log in again and set up their 2SA — they will not be able to log in without doing so. We encourage businesses to set this up early before 2SA becomes compulsory so you can help your team make a smooth transition.
From the week starting 16 November, all users will be required to set up their 2SA to log in and will not be able to log in without it. From this date, organisations won’t have the option to switch it off.
We’ve detailed the full step-by-step instructions on our help file. It shows you:
- How to enable 2SA as an account owner
- How to set up 2SA as an Unleashed user
- Recommended authentication apps
Alternatively, watch this video to learn how to set up 2SA as an Unleashed user: