The RCTS CERT the Security is a priority and essential for the successful delivery of our institution's services. Two-Factor Authentication (2FA) is the authentication process in which two of three possible authentication factors are combined.

The 3 possible authentication factors are:

Something the user knows, such as a password, a personal identification number (PIN code) or the answer to a secret question.
Something the user has, such as a smartphone or a USB device.
Something the user is, such as face, voice or fingerprint recognition.

Even with best-practice password policies in place, there's always a risk of them being compromised. This is where 2FA technology significantly enhances user authentication security by adding a second authentication factor to credentials based solely on username and password.

As more websites, services, and companies make this technology available, this additional protection is becoming more common. Although initially only a suggestion, it's now becoming almost mandatory, given the persistent cyberthreats that originate from anywhere in the world.

Resistance to adopting 2FA technology in companies is beginning to dissipate, and more and more companies are adopting it, thus minimizing security risks to their infrastructure and services.

This additional layer of security protects users, even if their credentials have been compromised, through a temporary, one-time code or password generated locally, in a smartphone app, or sent via SMS or email. Other methods may include sending a "Push Notification" (a message sent to the smartphone where the user simply approves or denies access) or using a "hard token."

Whatever 2FA solution is designed, it must be simple and easy to use to avoid resistance to its implementation.

This is a very important technology in the cybersecurity landscape, especially at a time when mobile work is contributing to increased cyber risk in companies and among their users.

2FA technology should be used for online banking transactions, online shopping (Amazon, PayPal, Google Play), email (Gmail, Microsoft, Yahoo, Outlook), cloud accounts (Apple, Dropbox), social media (Facebook, Instagram, LinkedIn, Tumblr, Twitter, Snapchat), productivity apps (Evernote, Trello), and communication apps (Skype, Slack). This technology should also be used when accessing corporate VPNs, as this access will naturally enable subsequent access to other resources, and it is crucial that this access does not rely solely on a password.

Other related articles

Spear-Phishing: Hacking the Mind and Accessing the Network

Phishing is one of the most common forms of cybercrime. This type of attack occurs when an attacker attempts to steal sensitive information, such as...

Read article

My first experience at BlackHat

Understanding how important it is to stay up-to-date on the latest techniques and methods used by attack teams and threat actors, I was able to attend the BlackHat USA 2023 conference for the first time.

Read article

Email malware attack. What it is and how to protect yourself.

It's crucial to understand the threats that can attack your organization and how to mitigate them. One such threat is malware, which often infiltrates organizations through seemingly harmless emails.

Read article

FCCN Conference Testimony: Rui Canizes – IPDJ

Rui Canizes, Head of the Technological Infrastructure Division at the Portuguese Institute of Sport and Youth (IPDJ), tells us what the Conferences have been like for him.

Read article

Cybersecurity student represents Portugal at TNC25

Aurora Vasconcelos, a master's student in Cybersecurity at the Polytechnic Institute of Viana do Castelo, is the Portuguese student chosen to take the stage at TNC25.

Read the news

European Commission invites industry and academia to form Cybersecurity Network

Applications for expressions of interest in joining the network are open until January 5, 2025.

Read the news

New training for cybersecurity teams

The training “CSIRT in a Box: Initial Training for Incident Response Teams”, available on the NAU platform.

Read the news

“Security is like a football referee: the more unnoticed, the better”

For 24 years, FCCN, FCT's digital services, has responded to cybersecurity incidents at national Higher Education and Research Institutions.

Read the news

Safer Internet Day (SID) 2024: Viseu hosts the initiative dedicated, this year, to Artificial Intelligence

February 6th marks the 21st Safer Internet Day (SID). The Safe Internet Center Consortium is organizing this national commemorative event, which takes place this year in Viseu. The SID Summit 2024 program is dedicated to Artificial Intelligence.

More information

Registration for FCCN Conference 2023 is now open

The 14th edition of the FCCN Conference will take place at the Naval School - Alfeite Base in Almada, between June 27th and 29th, 2023. Registration is now open and can be done through the event's new dedicated website.

More information

CSIRT-in-a-box 2022

RCTS CERT organizes, on November 3rd and 4th, a new edition of the CSIRT-in-a-Box Workshop.

More information

"The FCCN Unit exists to serve the community. The FCCN Unit Conferences are of enormous importance."

"One of our goals in organizing the Conferences is to take them around the country. We enjoy visiting the institutions we work for. We get to know them better, and they get to know us better."

More information