This article explains why Multi-Factor Authentication (2FA) is an important security control and how it reduces the risk of unauthorised access.
- Why passwords alone are not sufficient
- How 2FA Reduced Risk
- Why Higher-Privilege Accounts Are Higher Risk
- How 2FA works in Booking Rooster
- Security Best Practice
Why Passwords Alone Are Not Sufficient
Passwords are a primary layer of protection, but they can be compromised in several ways:
- Reuse across multiple systems
- Phishing attacks
- Brute-force or credential-stuffing attacks
- Exposure through third-party data breaches
If a password is compromised, an attacker may gain access without additional safeguards.
How 2FA Reduces Risk
Two-Factor Authentication adds a second layer of verification. It requires:
- Something the user knows (their password)
- Something the user has (a time-based verification code)
Even if a password is exposed, the second factor significantly reduces the likelihood of unauthorised access.
Why Higher-Privilege Accounts Are Higher Risk
Users with access to other users’ private data or broader system permissions represent higher-risk access profiles.
If these accounts are compromised, the potential impact is greater.
For this reason, Booking Rooster supports automatic enforcement of 2FA for higher-privilege roles when 2FA is enabled (ie Administrators/Organisers, Trainers/Hosts) and those with other special access levels).
How 2FA Works in Booking Rooster
When 2FA is enabled:
- It is automatically required for users whose role includes access to other users’ private data.
- It is not required for lower-privilege roles unless configured by your organisation.
Authentication policy is configured via Site Manager using the verification_2fa setting.
For configuration instructions, see:
Two-Factor Authentication (2FA) – Setup & Defaults
For an overview of authentication and access controls, see:
Authentication & Access Control
Security Best Practice
Enabling 2FA for higher-privilege users aligns with widely recognised security best practices, including:
- Least privilege
- Risk-based authentication
- Multi-factor authentication for sensitive access
If you have questions about configuring 2FA for your organisation, please contact support@bookingrooster.co.nz,
Comments
0 comments
Please sign in to leave a comment.