How Outlook 2-Step Verification Enhances Your Email Security

secure email

As today’s world of digital crime and internet fraud gets increasingly rampant, many should be highly aware and familiar with safeguarding their email accounts and login credentials.

Besides storing your private conversations, your email is often a crucial all-access key to all your other online accounts. When you lose or forget your password, typically the account services will require you to retrieve an email to confirm your identity and reset the password. Thus, an email account is worth protecting and should be secured beyond using merely a single password, which leaves the single line of defence vulnerable, weak and prone to attacks and hacking attempts.

Large email providers offer a second and advanced layer of security feature, such as the Microsoft Outlook two-step verification and two-factor authentication, also abbreviated as 2FA, to secure emails and reduce the risk of data breaches. If your email password has been compromised without another layer of authentication to secure it, cyber attackers can break in to gain access to your emails and other accounts.

How does two-step verification and two-factor authentication work?
Two-factor authentication integrates different types of authentication factors such as password or PIN, hardware token and a mobile app. For 2 step verification, it utilizes the same factor twice, which commonly is a password and one-time code sent via text SMS or email.

As you begin the process to enable 2FA in your Outlook email account, you will be prompted to install a Microsoft Authenticator app in your smartphone that works as an identity verification system. Enter the specific email account you wish to connect to, before receiving a verification code to submit and complete the process. Your email account is now secured with 2FA, so the next time you sign in, you can verify your identity with the app.

You could also choose to enter an alternate email address or a phone number to receive a security code and set up the Outlook 2 step verification on your account.

How does it secure your email access?
In addition to a username and password to log in, the additional security step and piece of information only known to the user increases the difficulty for potential intruders to obtain access and steal any personal data or even identity. With this advanced security feature, the 2FA process will not grant access to an account with just a stolen password.

Using the authenticator app or having a one-time password (OTP) randomly generated to your mobile phone or alternate email address benefits greatly in preventing email security breaches as it validates the user’s identity. The OTP, in particular, is only valid for a short period of time and used per login session before expiring. Thus, this enhances the existing login process and secures email from unauthorised access.

If you had lost your phone or are unable to complete the 2FA / two-step verification process, there is also a backup method with a printable recovery code for you to verify your identity and recover your account.

Protect your email account
2FA / two-step verification are just some of the information security practices implemented to maintain the confidentiality of private and sensitive information. Aside from personal emails, any breach of corporate emails could cause adverse repercussions to the company and its clients. By complementing your usual single-password authentication with a second factor, it can effectively secure your email and reduce the risk of stolen passwords, data breaches and unfettered email access which gains control of your account.

Setting Up Your CorpPass Account

corporate pass singapore

Corporate pass (CorpPass), the portal for business and corporate entities to access Government e-services, was announced in the second half of 2016. Since its announcement, it has been slowly released and implemented, replacing many older access points used by corporate entities.

CorpPass will eventually be the digital identity for business entities and become the only method for corporate transaction online, such as interacting with the Inland Revenue Authority of Singapore to file corporate taxes. The stated goal of CorpPass is to provide a single consolidated platform for local and foreign entities to transact with government bodies, eradicating the need for multiple logins to deal with each respective agency.

All locally registered entities in Singapore with a Unique Entity Number (UEN) are eligible and must eventually use CorpPass. Local corporate bodies without a UEN are inapplicable, but their foreign counterparts with a UEN can register for CorpPass.

Despite offering a simplified portal for access to government services, setting up your company’s CorpPass account can be tricky. This guide will bring you through what you need and what to do to set up a CorpPass account.

Registered Officer
The first step to a CorpPass account is finding a Registered Officer (RO) for the entity trying to set up its CorpPass account. Above all, the Registered Officer requires a SingPass account to begin the process of creating a CorpPass account.

As stated by the Ministry of Finance, the Registered Officer can be any person involved in the business entity, as long as the individual in question is a “key officer”.

CorpPass Administrators
The second step is appointing the entity’s CorpPass Administrators as the main figure to manage the CorpPass account. The Registered Officer has to appoint a CorpPass Administrator, and he or she can appoint a maximum of 2 account Administrators.

Following his or her appointment, the Administrator then has to head to CorpPass’ website to register for an Administrator account. Nominated CorpPass administrators will need a SingPass account to proceed with the process of setting up a CorpPass account.

Once logged in, the Administrator will need to enter the company’s UEN and their personal information. A CorpPass ID needs to be entered, as a username to log in and out of the account. The Administrator then requires approval from the Registered, either via online approval or uploading a physical Letter of Approval signed by the Registered Officer.

CorpPass Accounts
Once approved by the Registered Officer, the CorpPass Administrator can create CorpPass accounts and manage access to government-provided services. There are four types of CorpPass Accounts: CorpPass Administrator, Sub-Administrator, Enquiry User and CorpPass User.

Within an entity’s CorpPass account, Administrators and Sub-Administrators are in charge of managing access to the government’s digital services. This is carried out by the Administrators, by selecting their desired digital services and assigning access to their colleagues to handle the transactions with the appropriate government bodies.

To conclude, this guide have given you a clear, step by step look at setting up your CorpPass account. Eventually, all entities in Singapore will an account and it would be beneficial to set up your account earlier rather than later.


Securing Your Email: 3 Methods for Stronger Security

secure email singapore

For most of us, we check our emails as soon as we wake up. Our email account is a virtual home, an operation base, somewhere we base ourselves to access information affecting all aspects of our lives. Setting up social media accounts, personal and professional correspondences all require our email account.

As the nexus for our different accounts elsewhere, it should not come as a surprise that hackers consistently target our personal email accounts. There are innumerable hacking threats, and we must secure our email accounts to deny perpetrators access to this valuable mine of personal information. This article will look at several methods you can use to secure your email accounts.

A Strong, Unique Password
This might sound extremely obvious and simple, but it is one of the most effective methods to beef up your email’s security. Many of us are probably guilty of reusing passwords for our different email and social media accounts or using simple passwords. Passwords like “password1”, or “lastpass” are easy prey for password cracking programs or hackers. Your birthday, company name, or phone number can be easily guessed.

The strongest passwords are those that consist of a random set of numbers, characters and letters, making your password virtually guess-proof. Hackers will have to resort to password hacking software. A strong unique password presents seemingly infinite password combinations, and even advanced software will need at least 200 to 700 years to derive the correct password.

Two-Factor Authorisation
Two-Factor authorisation is another huge step you can take to protect your email account. Otherwise known as 2FA, it is one of the strongest defences you can establish against malicious hackers.

2FA demands two pieces of information to log in to your email account. Your username and password counts as a single factor, while the second factor usually comes as a one time password sent to your handphone. Only when both factors are verified can you login to your email account. Outlook’s two-factor authentication will keep your account safe even if a hacker manages to successfully figure out your password.

This makes it infinitely harder for hackers to gain access to your account, as they now must correctly handle both authentication factors. Not only will they need to correctly guess your password, hackers will still need to hack their way into your protected handphone to intercept your one-time password.

Looking Out for Phishing Emails
Having the most complicated password in place will count for nothing if you fall prey to phishing scams. Phishing emails aim to trick people into handing over their account details. This usually done by linking victims to fake websites that ask for personal information. Once entered, the fake website stores the information, passing it back to the hacker to gain access to the victim’s email account.

Phishing is not a new or ground-breaking hacking method. However, it requires our attention to avoid falling prey to these increasingly convincing and sophisticated scams.

As a conclusion, these are some of the most effective ways to secure our email accounts from hackers. While hackers will undoubtedly come up with new approaches and schemes, the steps covered above will provide a firm foundation to secure your email account from unwanted access.

Role of NEVIS in Email Security

secure email singapore

Since the start of a digital era in today’s 21st century, email has rapidly risen to be the main form of business communication. In Singapore, most organisations utilise corporate email systems such as Microsoft Outlook for the efficient exchange of information within and without the organisation. With the convenience and instantaneous connectivity, email has developed into an essential platform for businesses. However, the use of emails has opened up a plethora of security threats, as hackers continue to find ways to target companies and email is simply another opportunity for them to exploit. A recent survey in 2016 observed that 95% of people are sharing up to 6 passwords, with 59% of respondents indicating that they reuse passwords across multiple platforms. In addition, 61% said that they were more likely to share work-related passwords than personal passwords. In light of such observations, there is a pressing need for organisations to heighten email security, and therefore prevent any confidential corporate data from leaking. To this issue, NEVIS proposes the implementation of two-factor authentication (2FA) software, Email Client 2FA.

Using a One-Time Password (OTP), Email Client 2FA adds an extra layer of security to existing email systems through two-factor authentication. Users can obtain their OTP via SMS on their smartphones and personal devices. Smart cards and tokens are other alternatives organisations can choose to use. As the name implies, OTPs can only be used once and is valid for only one login session or transaction. Expiring after a very short period of time, the OTP mechanism prevents identity theft, making it very difficult for criminals to obtain unauthorised access to information and networks. A study conducted by NEVIS in 2017 found that approximately 69% of companies have implemented two-factor authentication systems for their employees, thus proving the effectiveness of 2FA.

Moreover, Email Client 2FA does not require virtual private network (VPN) access, allowing companies to cut down on VPN-related costs. By eliminating the use of VPN, organisations further minimise their risk exposure as they can control who can access intranet applications. Organisations can grant access to non-employees, without the fear of their digital security being compromised. Mobile users can also enjoy a streamlined login process and improved usability with secure email access. In addition, no agent installation is required, therefore reducing any possible issues about support and compatibility.

Another function of Email Client 2FA is the ability to work with fat clients such as Microsoft Outlook, thus being equipped with more features for users, compared to thin clients. As a result, employees have an enhanced workspace, thus promoting better workplace productivity.

Aside from 2FA authentication, NEVIS offers other authentication methods with Email Client 2FA such as Google Authenticator, RSA SecurID, etc. Its additional features include Single Sign-On, user request workflows, user account provisioning and self-service portal.

With NEVIS’ Email Client 2FA, organisations can strengthen digital security, preventing data breaches and attacks of malicious intent. Employees can enjoy email security without the compromise of usability, allowing them to work with peace of mind.

Why is IDaaS the Future?

identity access management products

Identity as a service (IDaaS) is identity access management products that are based off software-as-a-service (SaaS) models which enables organisations to deliver single sign-on (SSO), authentication and access control features through a third-party service provider. IDaaS offers cloud-based authentication to businesses that purchase it as a subscription-based managed service. Subscribers are granted role-based access to specific applications or even entire virtualised desktops via a secure portal. This is to ensure that users are who they claim to be which is especially crucial in a corporate culture that is gradually shifting towards bring-your-own-device (BYOD) workplace environments, due to the rising number of personalised devices possessed by employees. Utilising a centralised cloud-based system generated by identity experts, the process of local identity provisioning is greatly simplified, and thus able to adapt immediately to new security challenges.

By reducing the risk associated with password sprawl and poor password handling practices, IDaaS can enhance cybersecurity. At the same time, the login process can be streamlined to become more secure and efficient, not only saving time but also the number of password resets. The process to shut down any compromised account is seamless and faster as well. Similarly, an employee who leaves the organisation will have their user accounts terminated, preventing any opportunity for identity theft and unauthorised access to corporate data.

IDaaS allows identity services to be integrated into application development and application runtime environments. Applications can embed identity access management functions as a part of their inherent business processes without the need to have coding knowledge. IDaaS also reduces complexity through increased ability to leverage critical identity data while eliminating the challenges of management and replication. Apart from SSO, IDaaS can be paired with multifactor authentication at an appliance and system level, further decreasing the chances of a hacker being able to breach security.

Furthermore, businesses will benefit from the amount of money saved. Through IDaaS, the digital security team is no longer required to back up data; maintain servers; upgrade or purchase new software; fork out hosting fees; set up virtual private networks; and the like. A reinforced security system using IDaaS will benefit the organisation financially in the long run, preventing any online attack that might put a huge dent into their business. For a small enterprise, an attack on IT security can rack up to about $40,000 in damages on average. Therefore, the many advantages proffered by IDaaS-based identity access management solutions should not be made light of. With the payment of a subscription fee and the administrative work, companies can enjoy increased revenue stream without having the integrity of their networks threatened.

As the digital world progresses towards a future of cloud computing and enhanced interconnectivity, email search, as well as network security, will be moved to the cloud. In order for businesses to keep up and stay ahead of the pack, IDaaS will serve as the inevitable future-forward choice for IT security. Organisations that have to yet to adopt identity access management solutions should soon consider implementing IDaaS.