Activating Two-Factor Authentication

In order to log into their licence, a user has to use their user name and the personal password that they defined themselves after receiving their access confirmation e-mail.

The access to a licence is therefore linked to the e-mail address of a user.

To provide increased security, in particular to guarantee the protection of private data under GDPR, Actito offers the option of setting up "two-factor authentication".

Basics

The concept of "two-factor authentication" (or 2FA) consists in multiplying the pieces of evidence required to let a user log in.

To be effective, the authentication method should combine two factors of different natures:

  • Something the user knows: the principle is identical to standard single-factor authentication. This is a password.

  • Something the user has: a code sent to a communication tool belonging to the user. This one-time code will have to be provided to log in.

Two options are available for sending the code:

SMS 2FA

The code will be sent by SMS message to a mobile phone number associated with the user account. Therefore, only someone in possession of the phone will be able to connect to the licence. As mobile phones are usually kept on one's person at all times, this makes it possible to set up strong security without inconveniencing the users.

Prerequisite

To activate SMS two-factor authentication, a valid mobile phone number must be provided for each user.

The licence administrator can complete the existing user accounts with the "Manage users" application.

Every new user account must have a valid mobile phone number.

Email 2FA

The code will be sent to the e-mail address associated with the user account. As we strongly advise creating Actito accounts only with a professional address, anyone who needs to log into the licence will be able to easily retrieve the code from their professional mailbox.

As an e-mail address is required when any new user is created, e-mail 2FA has no additional prerequisite. This implies, however, that the code will be sent to the same resource as the password reminder process, so both factors then depend on the security of that one mailbox.

Set-up

To set up two-factor authentication, the licence administrator should make a request to their account manager (Customer Success Manager) or to Actito support (support@actito.com).

Good to know

2FA must be activated globally on a licence. It is not possible to only activate 2FA for specific users.

Similarly, the chosen communication channel (SMS or e-mail) will be the same for everyone.

Logging in

Once "2FA" has been activated, you connect to your licence in 2 steps.

The first one remains identical to single-factor authentication. You need to provide:

  • The name of the licence

  • Your login (user name)

  • Your password (which is still linked to your e-mail address)

If the login and password combination is correct, you will receive a code by SMS message or by e-mail and you will be directed towards a second screen.

Enter the code to access the licence.

If the code is incorrect, you will go back to the first screen and will have to provide your password again.

Tip

The code also acts as a warning if someone has acquired your password and tries to connect to your account.

If you receive an SMS message or an e-mail when you did not try to log in, please contact security@actito.com.

Code validity

Once sent, the code will remain valid for 5 minutes or until the next request (in which case only the new code is valid).

It is possible to request the code to be sent again (once per minute), but it requires you to re-enter your password.

The input of several erroneous codes in a row will temporarily block the user account.
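
The validity rules above, sketched as server-side logic in Python. This is an added example, not Actito's code: the failure threshold, the lock duration, the six-digit code length and the choice to spend a code on any attempt (and to count expired codes as failures) are assumptions that the page does not specify.

```python
import hmac
import secrets

CODE_TTL = 300        # from the page: a code is valid for 5 minutes
RESEND_INTERVAL = 60  # from the page: a new code at most once per minute
MAX_FAILURES = 3      # assumption: the page only says "several"
LOCK_SECONDS = 900    # assumption: the page only says "temporarily"


class OtpSession:
    """One-time-code state for one user; `now` is seconds, passed in for testability."""

    def __init__(self):
        self.code = None         # the only code currently accepted, as bytes
        self.issued_at = None
        self.failures = 0
        self.locked_until = 0.0

    def issue(self, now):
        """Call only after the password check passed. Returns the code to send, or None."""
        if now < self.locked_until:
            return None          # account temporarily blocked
        if self.issued_at is not None and now - self.issued_at < RESEND_INTERVAL:
            return None          # resend throttled
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, 6 digits (assumed length)
        self.code = code.encode()                  # overwrites any earlier code
        self.issued_at = now
        return code

    def verify(self, submitted, now):
        """True on success. Any attempt spends the code: a wrong entry sends the
        user back to the password step, so the same code cannot be guessed twice."""
        if now < self.locked_until or self.code is None:
            return False
        expected, self.code = self.code, None
        fresh = now - self.issued_at <= CODE_TTL
        if fresh and hmac.compare_digest(submitted.encode(), expected):
            self.failures, self.issued_at = 0, None
            return True
        self.failures += 1       # expired codes also count here (assumption)
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCK_SECONDS
            self.failures = 0
        return False
```

Passing `now` explicitly keeps the expiry, throttle and lockout windows deterministic under test; in a service it would come from a monotonic clock.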