Rule n° 210 - The website offers at least two mechanisms to validate a secure operation.

Servers increasingly ask users to validate certain operations with a second device, their mobile phone in particular. However, users sometimes do not have access to their mobile phone and are therefore unable to validate the operations in question. This is particularly the case for people travelling abroad. To avoid this, offer a back-up solution that still allows the operation to be validated.

#Security #Conception #Development

Goal

  • Prevent the risk of operational failure.
  • Avoid exclusion of users for technical or material reasons.

Implementation

For any operation secured by two-factor authentication or another type of strong authentication, give the user at least two mechanisms to choose from (for example, authentication by SMS or by validation terminal).

Control

For any operation secured by two-factor authentication or another type of strong authentication, check that the user has the choice between at least two mechanisms (for example, authentication by SMS or by validation terminal).
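
One way to automate this control over an inventory of secured operations, as an added example that is not part of the Opquast rule. The operation names, mechanism names and device mapping are constructed assumptions; the last check (all mechanisms depending on the same device) goes one step beyond the rule's wording and follows from its rationale about an unavailable mobile phone.

```python
from dataclasses import dataclass

# Constructed mapping (assumption): device each mechanism depends on.
# None means the mechanism needs no particular device.
MECHANISM_DEVICE = {
    "sms_code": "mobile_phone",
    "authenticator_app": "mobile_phone",
    "validation_terminal": "hardware_terminal",
    "printed_backup_codes": None,
}

@dataclass
class Finding:
    operation: str
    problem: str

def audit_operations(operations):
    """Return a Finding for each secured operation that fails the control.

    operations maps an operation name to the list of validation
    mechanisms the site offers for it.
    """
    findings = []
    for name, offered in sorted(operations.items()):
        mechanisms = set(offered)  # duplicates do not count as a second choice
        unknown = mechanisms - set(MECHANISM_DEVICE)
        if unknown:
            findings.append(Finding(name, "unknown mechanism: " + ", ".join(sorted(unknown))))
            continue
        if len(mechanisms) < 2:
            findings.append(Finding(name, "fewer than two mechanisms"))
            continue
        # Stricter than the rule text: two mechanisms that both need the
        # same device fail together when that device is unavailable.
        devices = {MECHANISM_DEVICE[m] for m in mechanisms}
        if len(devices) == 1 and None not in devices:
            findings.append(Finding(name, "all mechanisms depend on " + devices.pop()))
    return findings

# Constructed sample inventory (hypothetical operations).
SAMPLE_OPERATIONS = {
    "add_payee": ["sms_code", "validation_terminal"],
    "change_email": ["sms_code"],
    "close_account": ["sms_code", "sms_code"],
    "wire_transfer": ["sms_code", "authenticator_app"],
}

if __name__ == "__main__":
    for finding in audit_operations(SAMPLE_OPERATIONS):
        print(f"{finding.operation}: {finding.problem}")
```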

By Opquast - Read the license

