Multi-factor authentication (MFA) is becoming more and more common across NZ and the world! You're likely to have already experienced using some form of MFA in your day to day, whether that is accessing your bank account, making a payment on a website, or logging into your email account.

MFA is an identity verification method in which a user must supply at least 2 pieces of evidence, such as their password and a temporary passcode (sent to or shown in a secure location), to prove their identity.

Two-factor authentication, or 2FA, SSO, along with similar terms are all types of MFA.

MFA adds additional layers of security, making unauthorised access significantly more challenging. By requiring multiple forms of verification, MFA ensures that even if one factor is compromised, unauthorised users are unlikely to have access to the other required factors.

Most people will be familiar with MFA in the forms of -

• 'Biometric Verification': scanning your finger print or facial recognition (used by many banks)
• 'Text or email code Verification': when attempting an action (such as logging in) a code is text or emailed to the recorded details for that account. This code must be entered to complete the log in.
• 'Security Questions': This is a simpler form of MFA. These are questions that only the user should know the answer to, like their mothers maiden name, or the user’s first employer.

The NZ Companion Animal Register is home to over 1.3million animal registrations and their associated guardians details. We take security of this data very seriously and is why we are moving to implement Multi Factor Authentication for all of our Approved Users who use the database every day to help get lost pets home.

Should anyone of our 1000 Approved User organisations suffer a cybersecurity breach, without MFA, it would be easier for attackers to maliciously access the NZCAR via your account.

The Privacy Commissioner has recently expressed that small businesses or organisations that hold or share personal information digitally, should have 2FA implemented as a minimum. 

“Two-factor authentication is a bare minimum we would expect for small businesses or organisations that hold or share personal information digitally.  If you are a small business that has a cyber-related privacy breach and don’t have at least two factor-authentication in place expect to be found in breach of the Privacy Act.”

https://www.privacy.org.nz/publications/statements-media-releases/office-of-the-privacy-commissioner-encourages-two-factor-authentication-in-war-on-cybercrime/

NZCAR Support staff already utilise MFA.

You do not need to have access to a mobile phone for use of your Authenticator App. Some users will have a work phone, and will find this the easiest way to access their Authenticator App but many users will not. We will be recommending a few different Authenticator app options which will suit different users - some can be accessed via a mobile phone, and some accessed via your internet browser.

Coming soon! Check back here from the beginning of November to find helpful guides which will help you through the MFA process.

From the 1st December 2024, all Approved Users including vets, SPCA, animal rescues and others who have authorised access to the NZCAR, will be required to use MFA when logging into their account. 

There will be some setting up so that your team can access from their chosen devices, using your chosen authenticator app. We will provide 'how to' guides and recommendations for each user type, to make this process as easy and pain-free as possible.

Your log in process will continue to look very similar to how it does currently, with one added step. Once you have correctly entered your accounts email and password, you will be prompted to enter a unique code from your chosen authenticator application. Once you have entered this code, you will be logged in as normal!

From 1st December, MFA will be required for all Approved Users. This includes those with Enquirer, Enquirer Plus and Implanter status. We are not implementing MFA for guardians, at this stage.

An Authenticator App is an application that generates a one-time code to help secure access to online accounts and add an additional layer of security to accounts.

Some examples of authenticator apps include - Microsoft Authenticator, Google Authenticator, LastPass and Authy.

Yes! If you already utilise an Authenticator app with other online accounts, you will likely be able to use this same app for access to the NZCAR. If you are a team, it may depend on how your team currently logs into the NZCAR and what device your existing Authenticator App is on, as to whether you will be able to use this for NZCAR access. Either way, we will provide guidance on this to make the process easy for you!

Yes! Teams who need to access the NZCAR on multiple computers, such as in reception, in consult and in the prep area, we recommend using the free version of LastPass Authenticator (there are paid versions available, but these are not required for accessing the NZCAR). Once you have created a LastPass account on one computer and connected this to the NZCAR, you just need to log into your new LastPass account on each of your computers once, then you are good to go! 

All of the Authenticator Apps we will be recommending are free. There are paid options available which you or your team may decide to use if you wish.

Approved Users should not share any MFA codes or One Time Password’s (OTP) with anyone. Cyber attackers will commonly attempt to get these codes or OTP’s from victims in order to bypass the MFA implementation. If you are asked for your MFA code or OTP, please decline and notify the NZCAR Manager at [email protected].