Two-Factor Authentication, or 2FA, is an extra layer of protection used to ensure the security of your user accounts beyond just a username and password. Let’s look at why you should add an additional layer of security to your Constructive setup.
When building a home and using personalised home building software, like Customer Portal or Online and 3D Selections, client accounts hold a considerable amount of personal data — think names and addresses, sensitive documents and identifying information.
Keeping data safe
“It’s important to offer your clients a solution which will keep their data safe. It’s a good idea to use Two-Factor Authentication,” says Constructive Data Engineer, Nigel Stacey.
Constructive CEO, James Salt, agrees: “I recommend insisting on strong, unique passwords, multi-factor authentication on logins and educating staff to avoid sharing login information with each other.”
“Encourage the use of a password manager, like Bitwarden, LastPass or 1Password, with a strong Master password. This means the user only needs to remember the one master password but will have a strong, unique password for each account they have,” advises Full Stack Developer, Shane Monck.
“Within most password managers, you can even check for compromised passwords so you can go and change them,” adds Nigel.
Don’t forget, it’s not just clients’ individual, personal data that’s at risk: your team’s Admin logins may have access to many clients’ names, addresses, documents, and more.
An extra layer of safety
As attackers become more sophisticated, it pays to make an extra effort to protect your data. An extra layer of safety has been introduced to Constructive through the Security tab, where you can set your authentication preferences.
Two-Factor Authentication, also known as 2FA, is a form of multifactor authentication (MFA) of user credentials.
Banks, as an example, use 2FA by combining a physical object — a bank card — with a secondary validation: a PIN code known only by the account owner. If the bank card is stolen, the customer’s bank account is not accessible without the other credential: the PIN code.
Similarly, when you log in to various apps and online accounts, you require a password only known to you. However, this password could be obtained through hacking techniques, like phishing, or brute force attacks.
Shane explains: “If attackers have, or guess, an email address or username, they might try a bunch of commonly used passwords to attempt to get into the account. Or, they might access an exposed database of emails and passwords and try these in case the password is re-used across many sites. Even if the user adds a number or special character each time they make a new password, the attacker can very easily try these too. It’s why it’s so important to have a unique, strong and confidential password for every single account you own.”
Limit login attempts
If login attempts aren’t limited after a certain number of failures, a bad actor has as many chances as they wish to guess a password — or even a two-factor code.
Shane gives an example of why it’s essential to limit login attempts:
“A 2FA code is usually six digits that change every 30 seconds. The odds of guessing a random, six-digit code with numerals from 0-9 are approximately one in a million. If you give an attacker as many attempts as they wish to guess this code, they’re more than likely to strike gold as a computer can easily try a million operations in under 30 seconds.”
“However, if you limit the number of attempts to just 10, and then intervene, it’s almost impossible to guess this number.”
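The limit Shane describes can be sketched as a verifier that counts wrong codes per account and refuses everything after the tenth. This is an added example, not Constructive's code: the class and function names are hypothetical, the code generator follows the standard TOTP scheme (RFC 6238) that authenticator apps use, and the "intervene" step (unlocking, alerting) is assumed to happen elsewhere.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 10      # the limit used in the quote above
STEP_SECONDS = 30      # lifetime of one code
DIGITS = 6


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TwoFactorGate:
    """Hypothetical verifier: locks an account after MAX_FAILURES wrong codes."""

    def __init__(self, secrets_by_user):
        self.secrets = secrets_by_user
        self.failures = {}

    def verify(self, user: str, code: str, unix_time: int) -> str:
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"                     # refuse even a correct code
        expected = totp(self.secrets[user], unix_time)
        if hmac.compare_digest(expected.encode(), code.encode()):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


def guess_success_chance(attempts: int) -> float:
    """Chance that `attempts` distinct guesses hit the one valid 6-digit code."""
    return min(attempts, 10 ** DIGITS) / 10 ** DIGITS


def guesses_before_lockout(gate, user, unix_time):
    """Test helper: submit 000000, 000001, ... and report when the gate stops."""
    for tried in range(10 ** DIGITS):
        result = gate.verify(user, str(tried).zfill(DIGITS), unix_time)
        if result != "denied":
            return tried, result
    return 10 ** DIGITS, "exhausted"
```

With the cap in place, sequential guessing is cut off after ten wrong codes, which leaves a one-in-100,000 chance of success per lockout instead of a certainty.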
Constructive 2FA
Constructive has introduced the option of Two-Factor Authentication sign-in to add another layer of verification so you can protect your user accounts.
Users should install one of the popular authentication apps (like Microsoft Authenticator, Google Authenticator or Authy) on their device. Once you enable 2FA as a sign-in method for Constructive, users will be prompted to input a code generated by the authenticator app to log in.
Shane highly recommends using an authenticator app for Constructive account logins.
“2FA is essential to web security. It immediately neutralizes the risks associated with compromised passwords. A password might be hacked, guessed, or even phished but that’s no longer enough to give an intruder access: without the second factor, a password alone is useless.”
“Enable Two-Factor Authentication and opt for using an authenticator app, where possible — SMS and email are more prone to phishing, SIM swapping and social engineering attacks.”
2FA is simple and easy, but gives you powerful protection — and even non-technical users can quickly understand how it works. Adding 2FA to your Constructive logins is an easy way to make your account more secure.