This guide explains how to enable two-factor authentication, also known as two-factor authentication (2FA) or two-step verification for logging in to the Acronis application used with Swiss Backup.

Configure two-factor authentication

Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user's identity by using a combination of two different factors:

• something the user knows (a PIN code or password)
• something the user has (a token)
• something that is part of the user (biometrics)

Two-factor authentication provides additional protection against unauthorized access to your account.

The platform is compatible with time-based one-time password (TOTP). If TOTP authentication is enabled in the system, users must enter their usual password along with the unique TOTP code to access the system. In other words, a user provides the password (first factor) and the TOTP code (second factor). The TOTP code is generated in the authentication application of the device that applies the second factor, based on the current time and the secret code (QR code or alphanumeric code) provided by the platform.

How it works

How 2FA works:

1. You enable two-factor authentication at the organization level.
2. All users in the organization must install an authentication application on the device that applies the second factor (mobile phone, laptop or desktop computer, or tablet) and that will be used to generate unique TOTP codes, for example:
   • Google Authenticator iOS / Android
   • Microsoft Authenticator iOS / Android
3. Users must ensure that the time displayed on the device where the authentication application is installed is correctly set and reflects the current time.
4. Users in your organization must log back into the system.
5. After entering their username and password, they will be prompted to set up two-factor authentication for their user account.
6. They must scan the QR code using their authentication application. If it is not possible to scan the QR code, they can use the displayed TOTP secret code below and add it manually in the authentication application:
   • It is strongly recommended to save it (print the QR code, write down the TOTP secret code, use an application compatible with code backup in the Cloud). You will need the TOTP secret code to reset two-factor authentication if you lose the device that applies the second factor.
7. The unique TOTP code will be generated in the authentication application. It is automatically regenerated every 30 seconds.
8. On the "Set up two-factor authentication" screen, users must enter the TOTP code after entering their password.
9. As a result, two-factor authentication will be set up for the users.

From now on, when users log in to the system, they will be prompted to provide the identifier and password, then the unique TOTP code generated in the authentication application. Users can indicate that the browser is a trusted browser when they log in to the system. The TOTP code will not be requested for subsequent logins performed with this browser.

Two-factor authentication

Two-factor authentication provides additional protection against unauthorized access to your account. When two-factor authentication is set up, you must enter your password (first factor) and a unique code (second factor) to log in to the service console. The unique code is generated by a special application that must be installed on your mobile phone or another device you own. Even if someone discovers your identifier and password, they still won't be able to log in without accessing the device that applies the second factor.

The unique code to set up two-factor authentication for your account is generated based on the current time of the terminal, as well as the secret code provided by the Cyber Protection service in the form of a QR code or an alphanumeric code. When you first log in, you must enter this secret code in the authentication application.

Set up two-factor authentication for your account

You can and should set up two-factor authentication for your account when two-factor authentication has been enabled by an administrator for your organization. If two-factor authentication was enabled while you were logged in to the Cyber Protection service console, you will need to set it up at the end of your current session.

Prerequisites

• Two-factor authentication must be enabled for your organization.
• You must be logged out of the Cyber Protection service console.

Next:

1. Choose a device for the second factor. This is often a mobile phone, but you can also use a tablet, laptop, or desktop computer.
2. Make sure the time displayed on the device is correctly set and reflects the current time, and that the device locks itself after a period of inactivity.
3. Install the authentication application on the device. Possible applications are Google Authenticator, Authy, etc.
4. Go to the Cyber Protection service console login page and set your password. The service console displays the QR code and the alphanumeric code.
5. Save the QR code and the alphanumeric code in a convenient way (e.g., print the screen, write down the code, or save the screenshot in cloud storage). If you lose the device that applies the second factor, you can reset two-factor authentication using these codes.
6. Open the authentication application, then perform one of the following actions:
   • scan the QR code
   • manually enter the alphanumeric code in the application (the authentication application generates a unique code; a new code will be generated every 30 seconds).
7. Return to the Cyber Protection service console login page and enter the generated code. A unique code is valid for 30 seconds. If you wait more than 30 seconds, use the code generated right after.

When you log in next time, you can select the Trust this browser checkbox. If you do, the unique code will not be required for your login with this browser on this machine.

And if...

... I have lost the device that applies the second factor?

If you have a reliable browser, you will be able to log in using it. However, when you have a new device, repeat steps 1 to 3 and 6 to 7 of the procedure above using the new device and the stored QR code or alphanumeric code.

If you have not saved the code, ask your administrator or Infomaniak support to reset two-factor authentication for your account, then repeat steps 1 to 3, and 6 and 7 of the procedure above using the new device.

... I want to change the device that applies the second factor?

When logging in, click on the Reset two-factor authentication link, confirm the operation by entering the unique code, then repeat the procedure above using the new device.