This short article gives accountants and bookkeepers a key-point overview of why their apps are going to start implementing two factor authentication and how that works.
Why are my apps implementing two factor authentication?
The ATO is currently rolling out its ‘operational framework’, which means software that lodges or contains superannuation and/or payroll data must mandate two factor authentication. You may have already seen the tip of the iceberg on this from Xero, who are ahead of the curve, but the rest of the industry is set to follow in 2019, which presents a challenge for software vendors and accounting firms alike.
What is two factor authentication?
The traditional single factor form of authentication is a password, but in recent years, because it relies heavily on the memory and personal password management habits of individuals, this is no longer enough. Two factor or two step authentication (“2SA”) means a user is asked for two separate pieces of information to validate their identity and access the respective app. The second is typically a code, presented on a mobile phone app or sent by SMS, that changes every thirty seconds. A user enters the code after entering their password, making it far more difficult for a hacker to steal both pieces of information and trigger a breach.
You can’t argue with easy!
While in reality it is simple enough and something we’ll all need to get used to, it may add a level of ‘clunky’ in the eyes of the busy user whose primary focus in the moment is their forthcoming deadline. More importantly, the other consideration is from an IT administration and policy perspective. Setup needs to be standardised and can often require a staff person’s personally sensitive information. On top of that, when a device is lost, damaged, forgotten or not accessible for whatever reason, a fiddly authentication process can be triggered that could include frustrating phone calls to software vendor help desks.
We’re currently at the tip of the iceberg on this: apps that lodge are the first to implement it, but as super and payroll apps are next, there’s sure to be a series of others that follow. The challenge for accountants, bookkeepers and their cyber security partner will be to keep this simple for their users and to avoid a situation where each separate app requires a separate token login, creating frustration for their team.
This article was written by Jamie Beresford, CEO of Practice Protect, whose sole focus is protecting accounting firms’ reputations with tools, policies and education to keep data safe without sacrificing convenience.