Enable Acronis 2-Step Verification

This guide explains how  to enable two-factor authentication , also called two-factor authentication (A2F) or two-factor authentication, or 2FA, for connecting to the Acronis application used with Swiss Backup.

Configure two-factor authentication

Two-factor authentication (2FA) is a type of multi-factor authentication, which verifies a user's identity using a combination of two different factors:

• Something a user knows (a PIN or password)
• An item that a user owns (a token)
• An item that is part of a user (biometrics)

Two-factor authentication further protects you against unauthorized access to your account.

The platform is compatible with time-based one-time password (TOTP) authentication . If TOTP authentication is enabled in the system, users must enter their usual password and the unique TOTP code to access the system. In other words, a user provides the password (first factor) and the TOTP code (second factor). The TOTP code is generated in the device authentication application which applies the second factor, based on the current time and the secret code (QR code or alphanumeric code) provided by the platform.

Functioning

1. You enable two-factor authentication at your organization level
2. All users in the organization must install an authenticator app on the device that enforces the second factor (mobile phone, laptop or desktop computer, or tablet). This application will be used to generate unique TOTP codes. The recommended authenticators are:
   • Google Authenticator iOS app version ( https://apps.apple.com/app/google-authenticator/id388497605 ) Android version ( https://play.google.com/store/apps/details?id=com. google.android.apps.authenticator2 )
   • Microsoft Authenticator iOS app version ( https://apps.apple.com/app/microsoft-authenticator/id983156458 ) Android version ( https://play.google.com/store/apps/details?id=com. azure.authenticator )
   Users should ensure that the time shown on the device on which the authenticator app is installed is set correctly and reflects the current time.
3. Users in your organization need to log back into the system
4. After entering their username and password, they will be prompted to set up two-factor authentication for their user account
5. They must scan the QR code using their authenticator app. If unable to scan the QR code, they can use the TOTP secret code shown below and add it manually in the authenticator app
   It is strongly recommended to register it (print the QR code, write down the TOTP secret code, use the application compatible with saving codes in a Cloud). You will need the TOTP passcode to reset the two-factor authentication if you lose the device that enforces the second factor.
6. The unique TOTP code will be generated in the authenticator app. It is automatically regenerated every 30 seconds
7. On the "Set up two-factor authentication" screen, users must enter the TOTP code after entering their password
8. As a result, two-factor authentication will be configured for users

Now, when users log into the system, they will be prompted for the username and password and then the unique TOTP code generated in the authenticator app. Users can mark the browser as a trusted browser when they log into the system. The TOTP code will not be requested during subsequent connections made with this browser.

Two-factor authentication

Two-factor authentication further protects you against unauthorized access to your account. When two-factor authentication is configured, you must enter your password (first factor) and a unique code (second factor) to log in to the service console. The unique code is generated by a special application that must be installed on your mobile phone or other device belonging to you. Even if someone finds out your username and password, they still won't be able to log in without accessing the device that enforces the second factor.

The unique code to configure two-factor authentication for your account is generated based on the current time of the terminal, as well as the secret code provided by the Cyber Protection service in the form of a QR code or a code alphanumeric. During the first connection, you must enter this secret code in the authenticator application.

To set up two-factor authentication for your account

You can and should set up two-factor authentication for your account when two-factor authentication has been enabled by an administrator for your organization. If two-factor authentication was enabled while logged into the Cyber Protection service console , you will need to configure it when your current session expires.

Prerequisites

• Two-factor authentication is enabled for your organization.
• You are logged out of the Cyber Protection service console .

1. Choose a terminal for the second factor. It's often a cell phone, but you can also use a tablet, laptop, or desktop computer
2. Ensure that the time shown on the device is set correctly and reflects the current time, and that the device locks itself after a period of inactivity
3. Install the authenticator app on the device. Recommended apps are Google Authenticator or Microsoft Authenticator
4. Access the Cyber Protection service console login page and set your password. The service console displays the QR code and the alphanumeric code
5. Save QR code and alphanumeric code conveniently (e.g. print screen, write down code or save screenshot to cloud storage). If you lose the device that enforces the second factor, you can reset the two-factor authentication using these codes
6. Open the authenticator app, then do one of the following:
   • Scan the QR code
   • Manually enter the alphanumeric code in the app
   The authenticator app generates a unique code. A new code will be generated every 30 seconds.
7. Return to the service console login page and enter the generated code. A unique code is valid for 30 seconds. If you wait more than 30 seconds, use the code generated right after

The next time you log in, you can select the Trust this browser… checkbox, if so, the unique code will not be required when logging in with this browser on this machine.

And if...

… I lost the device that applies the second factor?

If you have a reliable browser, you will be able to log in using it. However, when you have a new device, repeat steps 1-3 and 6-7 of the above procedure using the new device and the registered QR code or alphanumeric code.

If you didn't save the code, ask your administrator or Infomaniak Support to reset two-factor authentication for your account, then repeat steps 1-3, and 6-7 from the procedure above using the new device.

… I want to change the device that applies the second factor?

When logging in, click the Reset two-factor authentication link , confirm the operation by entering the unique code, then repeat the above procedure using the new device.