Rule n° 215 - Secure operations can be validated by at least two means.
The web being what it is, servers increasingly ask users to validate certain operations using their mobile phone in particular. However, users do not always have access to their mobile phone and are then unable to validate the operation in question; this is notably the case for people travelling abroad. To avoid this, offer a back-up mechanism that still allows the operation to be validated.
Goal
- Prevent the risk of operational failure.
- Avoid exclusion of users for technical or material reasons.
Technical solution
For any operation secured by two-factor authentication or another type of strong authentication, give the user a choice of at least two mechanisms for performing it (for example, authentication by SMS or by a validation terminal).
Means of verification
For any operation secured by two-factor authentication or another type of strong authentication, check that the user has a choice between at least two mechanisms (for example, authentication by SMS or by a validation terminal).