At RCTS CERT Security is the priority and is essential for the smooth performance of our institution's services. Two Factor Authentication (2FA) is the authentication process in which two of three possible authentication factors are combined.

The 3 possible authentication factors are:

Something the user knows, such as a password, a personal identification number (PIN code), or the answer to a secret question.
Something that the user has, such as a smartphone or a USB device.
Something the user is, such as face or voice or fingerprint recognition.

Even if best-practice password policies are implemented, there is always the risk that they will be discovered. And it is in this context that 2FA technology significantly strengthens user authentication security by adding a second authentication factor to credentials based only on username and password.

As more and more websites, services and companies make this technology available, this additional protection is becoming more common. Although it was initially just a suggestion, today the trend is for it to become almost mandatory, due to persistent cyberthreats originating anywhere on the planet.

The resistance to adopt 2FA technology in enterprises is starting to dissipate and more and more are adopting it, thus minimizing security risks to their infrastructure and services.

This additional layer of security protects users, even if their credentials have been compromised, through a temporary, one-time use code or password generated locally in a smartphone app or sent via SMS or email. Other methods may include sending a "Push Notification" (a message sent to the smartphone where the user simply approves or denies access) or using a "hard-token".

Whatever 2FA solution is designed, it should be simple and easy to use, in order to avoid resistance in its implementation.

This is a very important technology in the cybersecurity landscape, especially at a time when mobile working is contributing to increased cyber risk in companies and among their users.

2FA technology should be used in internet banking, online shopping (Amazon, PayPal, Google Play), email (Gmail, Microsoft, Yahoo, Outlook), cloud accounts (Apple, Dropbox,), social networks (Facebook, Instagram, Linkedin, Tumblr, Twitter, snapchat), productivity applications (Evernote, Trello), communication applications (Skype, Slack). Above all, this technology should also be used when accessing corporate VPNs, because naturally this access will enable further access to other resources, and it is crucial that this access does not depend solely on a password.

Other related articles

My first experience at BlackHat

Understanding how important it is to be up-to-date on the latest techniques and methods used by attack teams and threat actors, I was able to attend the BlackHat USA 2023 conference for the first time.

Read article

Malware attack by e-mail. What it is and how to protect yourself.

It is crucial to know the threats that can attack your organization and how to mitigate them. One such threat is malware, which often infiltrates organizations through apparently harmless emails.

Read article

Testimonial Jornadas FCCN: Rui Canizes - IPDJ

Rui Canizes, Head of Technological Infrastructures Division at the Portuguese Institute for Sports and Youth (IPDJ), tells us what the Jornadas have been for him.

Read article

Testimonial Jornadas FCCN: António Luís Lopes - ISCTE-IUL

António Luís Lopes, responsible for the information systems development team at ISCTE-Instituto Universitário de Lisboa, tells us what the conference usually means to him and what are the expectations for the 2023 edition.

Read article

1st RCTS Cyberrange: a controlled space to train in defending and attacking computer systems

This cybersecurity initiative had 64 participants from 26 different institutions, divided into 10 groups. The winning team was made up of members from the University of Coimbra and the Polytechnic Institute of Cávado and Ave.

Read the news

7 tips for safe online shopping

Safe online shopping is especially important on Black Friday and Cyber Monday. Here are seven tips to ensure safe transactions.

Read the news

European Cybersecurity Month. Protecting the community

October is another Cybersecurity Month. Throughout the month, the FCCN Unit will be taking part in this initiative coordinated by ENISA and the European Commission.

Read the news

Unit FCCN launches digital service catalog

FCCN launches a digital catalog of services, dedicated to the solutions it provides for the academic community. An up-to-date digital portfolio that is easy to consult.

Read the news

Safer Internet Day (SID) 2024: Viseu hosts this year's initiative dedicated to Artificial Intelligence

February 6th marks the 21st edition of Safer Internet Day (SID). The Safer Internet Center Consortium is organizing this national commemorative event, which will be held this year in Viseu. The SID Summit 2024 program is dedicated to Artificial Intelligence.

More info

Registration for the Jornadas FCCN 2023 is now open

The 14th edition of the Jornadas FCCN will take place at the Naval School - Alfeite Base in Almada, between June 27 and 29, 2023. Registration is now open and can be done via the event's new dedicated website.

More info

CSIRT-in-a-box 2022

RCTS CERT organizes, on November 3 and 4, a new edition of the CSIRT-in-a-Box Workshop.

More info

"Unity FCCN exists to serve the community. The Jornadas da Unidade FCCN are extremely important"

"One of the goals we have, in organizing the Days, is to take them around the country. We like to go to the institutions we work for. We get to know them better and they get to know us better."

More info