Enable validation in two steps (Save Acronis)

This guide explains how enable double authentication, also called two-factor authentication (A2F) or two-step verification (two-factor authentication in English, or 2FA) for connection to the Acronis application used with Swiss Backup.

Configure authentication to two factors

Two-factor authentication (2FA) is a type of multi-factor authentication, which verifies the identity of a user using a combination of two different factors:

• an item that a user knows (a PIN code or password)
• an item that a user has (a token)
• an element that is part of a user (biometrics)

Two-factor authentication protects you more from unauthorized access to your account.

The platform is compatible with authentication by unique password based on time (TOTP) If TOTP authentication is enabled in the system, users must enter their usual password and the unique TOTP code to access the system. In other words, a user provides the password (first factor) and the TOTP code (second factor). The TOTP code is generated in the device authentication application that applies the second factor, based on the current and secret code (QR code or alphanumeric code) provided by the platform.

Operation

How 2FA works:

1. You enable two-factor authentication at the level of your organization.
2. All users of the organization must install a authentication application on the device which applies the second factor (mobile phone, laptop or desktop, or tablet) and which will be used to generate unique TOTP codes:
   • Google Authenticator iOS / Android
   • Microsoft Authenticator iOS / Android
3. Users must ensure that the time indicated on the device on which the authentication application is installed is correctly defined and reflects the current time.
4. Users in your organization must reconnect to the system.
5. After entering their username and password, they will be asked to configure two-factor authentication for their user account.
6. They must scan the QR code using their authentication application. If it is not possible to scan the QR code, they can use the TOTP secret code displayed below and manually add it to the authentication application:
   • It is strongly recommended to save it (print the QR code, note the TOTP secret code, use the application compatible with saving codes in a Cloud). You will need TOTP secret code to reset authentication to two factors if you lose the device that applies the second factor.
7. The unique TOTP code will be generated in the authentication application. It is automatically regenerated every 30 seconds.
8. On the "Configure Two Factor Authentication" screen, users must enter the TOTP code after entering their password.
9. As a result, two-factor authentication will be configured for users.

Now, when users connect to the system, they will be asked to provide the identifier and password, then the unique TOTP code generated in the authentication application. Users can indicate that the browser is a reliable browser when connecting to the system. The TOTP code will not be requested during subsequent connections with this browser.

Two-factor authentication

Two-factor authentication protects you more from unauthorized access to your account. When two-factor authentication is configured, you must enter your password (first factor) and a unique code (second factor) to connect to the service console. The unique code is generated by a special application that must be installed on your mobile phone or another device belonging to you. Even if someone discovers your ID and password, they will still not be able to connect without accessing the device that applies the second factor.

The unique code to configure two-factor authentication for your account is generated based on the current time of the terminal, as well as the secret code provided by the service Cyber Protection in the form of a QR code or an alphanumeric code. When you first log in, you must enter this secret code in the authentication application.

Configure authentication to two factors for your account

You can and must configure two-factor authentication for your account when two-factor authentication has been activated by an administrator for your organization. If two-factor authentication was enabled while you were connected to the service console Cyber Protection, you will need to configure it at the end of your current session.

Prerequisites

• Two-factor authentication must be enabled for your organization.
• You must be disconnected from the service console Cyber Protection.

Next:

1. Choose a terminal for the second factor. It is often a mobile phone, but you can also use a tablet, laptop, or desktop computer.
2. Make sure that the time indicated on the terminal is correctly set and reflects the current time, and that the terminal locks itself after a period of inactivity.
3. Install the authentication application on the device. Recommended applications are Google Authenticator or Microsoft Authenticator (see above).
4. Go to the service console login page Cyber Protection and set your password. The service console displays QR code and alphanumeric code.
5. Record the QR code and alphanumeric code in a convenient way (e.g. print the screen, record the code, or save the screenshot in the cloud storage). If you lose the device that applies the second factor, you can reset the authentication to two factors using these codes.
6. Open the authentication application, then perform one of the following actions:
   • scan QR code
   • manually enter the alphanumeric code in the application (the authentication application generates a unique code; a new code will be generated every 30 seconds).
7. Return to the service console login page and enter the generated code. A unique code is valid for 30 seconds. If you wait more than 30 seconds, use the generated code right after.

When you next log in, you can select the box Trust this browser… If necessary, the unique code will not be required when connecting to this browser on this machine.

What if...

...I lost the device that applies the second factor?

If you have a reliable browser, you can connect with it. However, when you have a new device, repeat steps 1 to 3 and 6 to 7 of the above procedure using the new device and the registered QR code or alphanumeric code.

If you have not registered the code, ask your administrator or Infomaniak support reset two-factor authentication for your account, then repeat steps 1 to 3, and 6 and 7 of the above procedure using the new device.

...I want to change the device that applies the second factor?

When connecting, click on the link Reset authentication to two factors‍, confirm the operation by entering the unique code, then repeat the above procedure using the new device.