Rule n° 210 - The website offers at least two mechanisms to validate a secure operation.

Servers increasingly ask users to validate certain operations, in particular with their mobile phones. However, users do not always have access to their mobile phone and are then unable to validate the operations in question. This is particularly the case for people travelling abroad. To avoid this, offer a back-up solution that still allows the operation to be validated.

#Security #Development

Goal

  • Prevent the risk of operational failure.
  • Avoid exclusion of users for technical or material reasons.

Implementation

For any operation secured by two-factor authentication or another type of strong authentication, give the user a choice of at least two mechanisms for completing it (for example, authentication by SMS or by validation terminal).

Control

For any operation secured by two-factor authentication or another type of strong authentication, check that the user can choose between at least two mechanisms (for example, authentication by SMS or by validation terminal).
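One way to automate this control, as an added example that is not part of the Opquast rule: the script audits a catalogue of secured operations and, going beyond the literal count of two, also flags operations whose mechanisms all rely on the same device, which is the failure the rule describes. The operation names, mechanism names and the dependency table are constructed assumptions.

```python
"""Audit secured operations for a usable back-up validation mechanism."""

# Constructed sample data (assumption): each mechanism is mapped to the
# device or medium the user must have at hand to complete it.
MECHANISM_DEPENDENCY = {
    "sms_code": "mobile_phone",
    "push_approval": "mobile_phone",
    "validation_terminal": "hardware_terminal",
    "printed_backup_codes": "paper",
}

# Constructed sample catalogue (assumption): operation -> mechanisms offered.
OPERATIONS = {
    "add_beneficiary": ["sms_code", "validation_terminal"],
    "wire_transfer": ["sms_code", "push_approval"],
    "change_password": ["sms_code"],
}


def audit_operation(mechanisms):
    """Return the findings for one operation; an empty list means compliant."""
    findings = []
    unknown = sorted(set(mechanisms) - set(MECHANISM_DEPENDENCY))
    if unknown:
        findings.append("unknown mechanism(s): " + ", ".join(unknown))
    # Duplicates and unknown entries do not count as a second choice.
    distinct = set(mechanisms) & set(MECHANISM_DEPENDENCY)
    if len(distinct) < 2:
        findings.append("fewer than two mechanisms offered")
    else:
        dependencies = {MECHANISM_DEPENDENCY[m] for m in distinct}
        if len(dependencies) == 1:
            # Two mechanisms on one device fail together, e.g. abroad.
            findings.append("all mechanisms depend on " + dependencies.pop())
    return findings


def audit(operations):
    """Map each non-compliant operation to its findings."""
    results = {name: audit_operation(m) for name, m in operations.items()}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, findings in audit(OPERATIONS).items():
        print(f"{name}: {'; '.join(findings)}")
```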

By Opquast - Read the license