This guide explains how to enable two-factor authentication, also known as two-factor authentication (2FA) or two-step verification for logging into the Acronis application used with Swiss Backup.

Setting up two-factor authentication

Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user's identity by using a combination of two different factors:

• something the user knows (a PIN code or a password)
• something that a user possesses (a token)
• something that is part of the user (biometrics)

Two-factor authentication provides additional protection against unauthorized access to your account.

The platform is compatible with authentication by time-based one-time password (TOTP). If TOTP authentication is enabled in the system, users must enter their usual password as well as the unique TOTP code to access the system. In other words, a user provides the password (first factor) and the TOTP code (second factor). The TOTP code is generated in the authentication application of the device that applies the second factor, based on the current time and the secret code (QR code or alphanumeric code) provided by the platform.

How it works

How 2FA works:

1. You enable two-factor authentication at the organizational level.
2. All organization users must install an authentication app on the device that applies the second factor (mobile phone, laptop or desktop, or tablet) and that will be used to generate unique TOTP codes, for example:
   • Google Authenticator iOS / Android
   • Microsoft Authenticator iOS / Android
3. Users must ensure that the time displayed on the device where the authentication application is installed is correctly set and accurately reflects the current time.
4. The users in your organization must log back into the system.
5. After entering their username and password, they will be prompted to set up two-factor authentication for their user account.
6. They must scan the QR code using their authentication app. If they are unable to scan the QR code, they can use the TOTP secret code displayed below and add it manually to the authentication app:
   • It is strongly recommended to record it (print the QR code, write down the TOTP secret code, use the application compatible with code backup in a Cloud). You will need the TOTP secret code to reset two-factor authentication if you lose the device that applies the second factor.
7. The unique TOTP code will be generated in the authentication application. It is automatically regenerated every 30 seconds.
8. On the «Set up two-factor authentication» screen, users must enter the TOTP code after entering their password.
9. As a result, two-factor authentication will be set up for users.

From now on, when users log in to the system, they will be prompted to enter the username and password, then the unique TOTP code generated in the authentication application. Users can indicate that the browser is a trusted browser when they log in to the system. The TOTP code will not be requested during subsequent logins made with this browser.

Two-factor authentication

Two-factor authentication provides additional protection against unauthorized access to your account. When two-factor authentication is set up, you must enter your password (first factor) and a unique code (second factor) to log in to the service console. The unique code is generated by a special application that must be installed on your mobile phone or another device you own. Even if someone discovers your username and password, they still won't be able to log in without accessing the device that applies the second factor.

The unique code to set up two-factor authentication for your account is generated based on the current time of the device, as well as the secret code provided by the service Cyber Protection in the form of a QR code or an alphanumeric code. When you first log in, you must enter this secret code into the authentication application.

Set up two-factor authentication for your account

You can and should set up two-factor authentication for your account when two-factor authentication has been enabled by an administrator for your organization. If two-factor authentication was enabled while you were logged into the service console Cyber Protection, you will need to set it up at the end of your current session.

Prerequisites

• Two-factor authentication must be enabled for your organization.
• You must be logged out of the Cyber Protection service console.

Next:

1. Choose a device for the second factor. This is often a smartphone, but you can also use a tablet, laptop, or desktop computer.
2. Make sure the time displayed on the device is correctly set and reflects the current time, and that the device locks itself after a period of inactivity.
3. Install the authentication app on the device. Possible apps include Google Authenticator, Authy, etc.
4. Go to the login page of the service console Cyber Protection and set your password. The service console displays the QR code and the alphanumeric code.
5. Save the QR code and the alphanumeric code in a convenient way (e.g., print the screen, write down the code or save the screenshot in the Cloud storage). If you lose the device that applies the second factor, you will be able to reset the two-factor authentication using these codes.
6. Open the authentication app, then perform one of the following actions:
   • scan the QR code
   • Enter the alphanumeric code manually into the application (the authentication application generates a unique code; a new code will be generated every 30 seconds).
7. Go back to the service console login page and enter the generated code. A unique code is valid for 30 seconds. If you wait more than 30 seconds, use the code generated just after.

On your next login, you can select the box Trust this browser… In this case, the unique code will not be required for your login with this browser on this machine.

What if...

… I have lost the device that applies the second factor?

If you have a trusted browser, you can log in using it. However, when you get a new device, repeat steps 1 to 3 and 6 to 7 of the procedure above using the new device and the stored QR code or alphanumeric code.

If you did not record the code, ask your administrator or support Infomaniak to reset two-factor authentication for your account, then repeat steps 1 to 3, and 6 and 7 of the procedure above using the new device.

… I want to change the device that applies the second factor?

When logging in, click on the link Reset two-factor authentication‍, confirm the operation by entering the unique code, then repeat the procedure above using the new device.