The secrets of two-factor authentication

Today, it is nearly impossible to use a website or platform without having to prove your identity. Social networks, banking apps, or various websites all require you to create an account and identify yourself each time you log in. Discover all the secrets of two-factor authentication with Matthieu Jungers and Luc Cottin !

Authentication methods

Two-factor authentication is a strong authentication method where a user can access a computer resource after presenting two distinct proofs of identity to an authentication mechanism.

In general, authentication methods are grouped into three main categories, and their security levels are not always the same. For maximum security, it is highly recommended to combine several of these factors:

• Something I know: a code to remember. Be cautious, this technique is impossible to steal if configured correctly, but it can sometimes be challenging to remember the chosen password
• Something I have: synonymous with an object or identity proof software such as an ID card… This method is vulnerable to theft and loss. However, it is effortless to manage since you only need to have a unique document.
• Something I am: this refers to biometric data like fingerprints or facial recognition. Be cautious with this authentication method, as it can be risky! If someone were to steal your biometric data, it would be impossible to change!

Today, the statistics in businesses still show high numbers of accounts being hacked! 99% of hacked accounts do not use strong authentication. This demonstrates that teams are still insufficiently aware and trained on the risks involved.

PFS Companies: How scould they Comply ? 

For companies regulated by the CSSF, Circular 22/804 will come into effect in June 2022. This circular, related to teleworking, requires PSF companies to use a two-factor method. It is essential for these companies to comply with the circular to avoid being deemed non-compliant by the CSSF. Furthermore, these companies would expose themselves to a high risk of cyberattacks.

One of the solutions implemented to meet this security need is Microsoft Authenticator. Combined with conditional access, Microsoft facilitates users’ daily connections outside of the company. But be careful; to maximize security, you should not download applications in the cloud so that your passwords are not saved.

You also have access to other existing solutions to secure your connections, such as HID, Duo Security, or Passbolt. Passbolt, a Luxembourg-based start-up, was awarded the “European Security Start-up Award” in 2022. It is an open-source password management application in the form of a safe. You simply need to integrate all your passwords into it, which you will eventually access through an authentication phrase that you must enter every day. Be cautious; if you forget your access phrase, your initial safe will no longer be accessible, and you will have to create a new one.

Wallix 

Finally, Wallix. Also known as the ZeroTrust solution, Wallix Authenticator ensures that the right person is connecting to the server.

Today, passwords for servers are no longer communicated to IT managers. Privileged access is applied. When authentication is performed on Wallix with a user and password, a final source verification is made.

Using Wallix is interesting for PSF companies since they must report to the CSSF on server connections. With Wallix, you will have access to all connection logs and actions performed thanks to screen recordings.

How to know if my data has been used ?

« Have I been Pwned » and « Firefox Monitor » are websites where you can check if your email address, phone number, or passwords have been leaked. Once on the homepage, enter your email address in the designated space and verify that everything is in order! In case of a leak, you can check on which site your data was stolen! Then, you can secure everything again!

You now know the secrets of two-factor authentication!

Revew the webinar (FR)