Most Authenticator apps have an option to transfer/switch to a new device. You will need to have a look into your specific application for how to do this. Our NZCAR support office will not be able to provide advice for this. You might be able to get advice from your team lead/IT support if another team member has also got a new device and has gone through the process already.

If you are not able to transfer your Authenticator App to the new device, we can reset your account, so you are prompted to re-setup MFA from the new device. If you require this step, please reach out to our Support Office.

Yes! You will need to determine which authenticator app will work with your specific device (not all authenticators work on all devices or Operating systems (OS). We have seen clinics have success with Authy and Microsoft Authenticator mainly).

Having the authenticator on a device that is able to move around the clinic, means that when a team member wants to log into the NZCAR on any clinic computer, they just need to grab the the iPad/tablet, open the authenticator and enter the 6 digit code onto your computer.

You can set up the authenticator on multiple iPad/tablets, if your team have many!

Yes! If you already utilise an Authenticator app with other online accounts, you will likely be able to use this same app for access to the NZCAR. If you are a team, it may depend on how your team currently logs into the NZCAR and what device your existing Authenticator App is on, as to whether you will be able to use this for NZCAR access. 

You do not need to have access to a mobile phone for use of your Authenticator App. Some users will have a work phone, and will find this the easiest way to access their Authenticator App but many users will not. We have recommended two different Authenticator app options which will suit different users - some can be accessed via a mobile phone, and some accessed via your internet browser.

If you are part of a team - consider strongly, who has access to the device you put the authenticator app on. For example, if you decide to set up the authenticator on one team members personal phone, the remainder of the team will only have access to the NZCAR when that one staff member is working.

You are able to use any Authenticator App that suits you or your teams access, but to help users who are not too sure where to start, below are Help Guides for two Authenticator Apps that we find are easy to use.

Help guide for Twilio Authy 

Help Guide for Authenticator Extension

From the 16th December 2024, all Approved Users including vets, SPCA, animal rescues and others who have authorised access to the NZCAR, will be required to use MFA when logging into their account. 

There will be some setting up so that your team can access from their chosen devices, using your chosen authenticator app. We will provide 'how to' guides and recommendations for each user type, to make this process as easy and pain-free as possible.

Your log in process will continue to look very similar to how it does currently, with one added step. Once you have correctly entered your accounts email and password, you will be prompted to enter a unique code from your chosen authenticator application. Once you have entered this code, you will be logged in as normal!

From 16th December, MFA will be required for all Approved Users. This includes those with Enquirer, Enquirer Plus and Implanter status. We are not implementing MFA for guardians, at this stage.

The NZ Companion Animal Register is home to over 1.3million animal registrations and their associated guardians details. We take security of this data very seriously and is why we are moving to implement Multi Factor Authentication for all of our Approved Users who use the database every day to help get lost pets home.

Should anyone of our 1000 Approved User organisations suffer a cybersecurity breach, without MFA, it would be easier for attackers to maliciously access the NZCAR via your account.

The Privacy Commissioner has recently expressed that small businesses or organisations that hold or share personal information digitally, should have 2FA implemented as a minimum. 

“Two-factor authentication is a bare minimum we would expect for small businesses or organisations that hold or share personal information digitally.  If you are a small business that has a cyber-related privacy breach and don’t have at least two factor-authentication in place expect to be found in breach of the Privacy Act.”

https://www.privacy.org.nz/publications/statements-media-releases/office-of-the-privacy-commissioner-encourages-two-factor-authentication-in-war-on-cybercrime/

NZCAR Support staff already utilise MFA.

Multi-factor authentication (MFA) is becoming more and more common across NZ and the world! You're likely to have already experienced using some form of MFA in your day to day, whether that is accessing your bank account, making a payment on a website, or logging into your email account.

MFA is an identity verification method in which a user must supply at least 2 pieces of evidence, such as their password and a temporary passcode (sent to or shown in a secure location), to prove their identity.

Two-factor authentication, or 2FA, SSO, along with similar terms are all types of MFA.

MFA adds additional layers of security, making unauthorised access significantly more challenging. By requiring multiple forms of verification, MFA ensures that even if one factor is compromised, unauthorised users are unlikely to have access to the other required factors.

Most people will be familiar with MFA in the forms of -

• 'Biometric Verification': scanning your finger print or facial recognition (used by many banks)
• 'Text or email code Verification': when attempting an action (such as logging in) a code is text or emailed to the recorded details for that account. This code must be entered to complete the log in.
• 'Security Questions': This is a simpler form of MFA. These are questions that only the user should know the answer to, like their mothers maiden name, or the user’s first employer.

An Authenticator App is an application that generates a one-time code to help secure access to online accounts and add an additional layer of security to accounts.

Some examples of authenticator apps include - Microsoft Authenticator, Google Authenticator, LastPass and Authy.

All of the Authenticator Apps we will be recommending are free. There are paid options available which you or your team may decide to use if you wish.

Approved Users should not share any MFA codes or One Time Password’s (OTP) with anyone. Cyber attackers will commonly attempt to get these codes or OTP’s from victims in order to bypass the MFA implementation. If you are asked for your MFA code or OTP, please decline and notify the NZCAR Manager at [email protected].