19 June 2013

Many popular sites offer optional extra log on security. You should enable it.

Many of the world’s most popular online services now offer two-factor authentication for log on as an alternative to their existing single password methods.

Two-factor authentication (or two-step log on, or other similar term) involves two different criteria or factors used to authorise your access. Typically, this involves using something only you know (like a password) and something only you have (like your phone).

Sites such as Twitter, Paypal, GMail, Evernote, Facebook, Dropbox, WordPress, and recently, LinkedIn, as well as others have introduced an optional second factor to their log on process.

If you use any service that offers additional factors for authentication, we advise you to enable and use these.

About two-factor authentication

Unfortunately, human factors often result in passwords that are too weak or passwords that are reused on multiple sites (both practices we advise against!). A second authentication factor adds another independent requirement before log on is permitted.

Many of the sites mentioned above employ a similar method—a single-use verification code sent by text message to your phone which needs to be entered in addition to your password before access is granted.

The security of your mobile phone, therefore, also becomes an important consideration.

Other sites may offer alternative methods such as key generators, smartcards or even biometric criteria (eg fingerprints) for establishing the second factor.

No authentication method is perfect, but two-factor methods will generally improve the security of access to your account. You can usually find the option for enabling it in your account settings for each site.

Continuing to use a strong and unique password for each site or service you use remains vital. It is one of the core things you can control to be safer online.

More about setting and using a strong and unique password.

More information

LinkedIn explains its version of two-factor authentication.

Stay Smart Online’s factsheet on password security (PDF)

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

Host of subscription service

The Commonwealth has engaged Ladoo Pty Ltd to host the Stay Smart Online Alert Service. All URL links should show the domain send.ladoo.com.au at hover over. URL links related to the administration of the service ('View online', 'Update your profile preferences' and 'unsubscribe') should direct you to web pages hosted by Ladoo Pty Ltd.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] dbcde.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address robert.novelli [at] communications.gov.au.
Update your profile preferences
If you no longer wish to receive the SSO newsletter, you can unsubscribe.

© 2012 Australian Government. All rights reserved

Connect with Stay Smart Online