With cyberattacks becoming more sophisticated and people still using “12345” as a “secure” password (yes, really), your data could be at risk. Sometimes, a password alone is not enough, and that is why 2FA (Two-Factor Authentication) exists. For companies managing sensitive ESG data, emission inventories, and compliance reports, adding this extra security layer is not optional; it is essential.
What is 2FA?
2FA adds an extra layer of security to prevent unauthorised access. With this enabled, in addition to your password, you need a second factor: a unique code that is either sent to your mobile or generated by an authentication app (such as Google Authenticator or Microsoft Authenticator).
The concept behind 2FA is simple: even if someone obtains your password, they cannot access your account without also having physical access to your second authentication device. This dramatically reduces the risk of unauthorized access from stolen credentials, phishing attacks, or brute-force attempts.
Two-factor authentication relies on combining two of three possible authentication factors:
- Something you know: Your password or PIN.
- Something you have: Your phone, a hardware security key, or an authentication app.
- Something you are: Biometric data like a fingerprint or facial recognition.
Most 2FA implementations in business software use the first two factors: a password combined with a time-based code from an authentication app.
How does it work?
You have probably used 2FA before without realising it. Ever logged into an app and been sent a verification code via email or SMS? That is 2FA in action.
Here is how it works in Dcycle:
- You log into Dcycle and enter your password.
- The system prompts you to verify your identity with a security code.
- You open your authentication app, which displays a six-digit code that refreshes every 30 seconds.
- You enter the code in Dcycle.
- Secure access: no intruders allowed.
The entire process adds only a few seconds to your login but provides significantly stronger protection for your account and the sensitive data it contains.
Why is it more secure?
2FA addresses several common security vulnerabilities:
- Protection against stolen passwords: If someone steals your password through a data breach or phishing attack, they still cannot log in. They need the second factor, which is only available on your physical device.
- Prevention of unauthorized device access: Every new login from an unrecognized device requires verification. This means that even if credentials are compromised, access from unknown locations or devices is blocked.
- Defense against automated attacks: Bots and automated tools that try thousands of password combinations cannot generate the time-based security codes that 2FA requires.
- Compensation for weak passwords: While a stronger password is always better, 2FA provides meaningful protection even if your password is not as robust as it should be.
Why 2FA matters specifically for ESG platforms
Environmental, social, and governance data carries unique sensitivity. Consider what a security breach could mean:
- Emission data manipulation: Unauthorized modifications to carbon footprint calculations could lead to inaccurate regulatory filings under CSRD or national reporting requirements, potentially resulting in compliance violations and penalties.
- Supplier data exposure: ESG platforms often contain detailed information about supply chain partners, including contract terms, environmental performance data, and audit results. A breach could expose commercially sensitive relationships.
- Financial implications: ESG metrics increasingly influence investment decisions, credit ratings, and insurance terms. Compromised data could affect a company’s access to sustainable finance or its standing with ESG rating agencies.
- Reputational damage: If a company’s sustainability data is breached or tampered with, it undermines stakeholder trust in all of the organization’s ESG communications.
For these reasons, many enterprise clients and regulatory frameworks (including ISO 27001) require that platforms handling sensitive business data support multi-factor authentication.
Should you enable 2FA in Dcycle?
Many companies now require 2FA for external tools as part of their information security policies. If you have not activated it in Dcycle yet, you can request it now. It only takes a few seconds to set up and could prevent a serious security breach of your ESG data.
Here is a quick guide to getting started:
- Log in to your Dcycle account.
- Navigate to your security settings.
- Enable Two-Factor Authentication.
- Scan the QR code with your preferred authenticator app (Google Authenticator, Microsoft Authenticator, or any TOTP-compatible app).
- Enter the verification code to confirm setup.
From that point forward, each login will require both your password and the authentication code. For teams managing your company’s carbon footprint data and compliance reports, this simple step provides a meaningful improvement in data security.
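The six-digit, 30-second codes in the login and setup steps above are standard TOTP (RFC 6238). The following is an added example, not Dcycle's code, showing the server side of that exchange: issuing the secret the QR code carries, computing the code, and verifying it with clock-drift tolerance and replay rejection. Assumptions: HMAC-SHA-1 defaults, the otpauth:// key URI format as the QR payload, and hypothetical function names and issuer/account values.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote

STEP, DIGITS = 30, 6  # 30-second window, six digits, as in the login steps

def new_secret() -> str:
    """160-bit random shared secret, base32-encoded for the authenticator app."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret: str, account: str, issuer: str) -> str:
    """otpauth:// URI that a setup QR code encodes (assumed payload format)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")

def totp(secret: str, at: float) -> str:
    """RFC 6238 code for the time step containing Unix time `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(base64.b32decode(secret), counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: str, code: str, at: float, last_step: int = -1, drift: int = 1):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- `drift` steps of clock skew. Any step <= last_step is refused,
    so a code that was already accepted cannot be replayed within its window.
    """
    now_step = int(at) // STEP
    matched = None
    for step in range(max(0, now_step - drift), now_step + drift + 1):
        expected = totp(secret, step * STEP).encode()
        # Constant-time comparison; every candidate step is always checked.
        if hmac.compare_digest(expected, code.encode()) and step > last_step:
            matched = step
    return matched
```

On success the caller stores the returned step per user and passes it back as `last_step` on the next login; failed attempts should also be rate-limited, since a six-digit code has only one million possible values.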
If you have questions about security features in Dcycle, including SSO integration and role-based access controls, contact our team to discuss your organization’s requirements.