Authenticate with multifactor or double factor in theHèstia will allow us to add an extra layer of protection to our data. This security measure can be the difference between being vulnerable or not to possible cyberattacks, as it greatly increases the difficulty for potential attackers when it comes to accessing our system access credentials.
That is why in theHèstiaGiven the sensitivity and level of protection that we must guarantee for the data we collect and process, it is mandatory for us to apply a double authentication factor. The mandatory use ofHèstia it will be from next May 18th of 2020. This measure is aligned with the guidelines of the National Security Scheme.
Users will need to identify themselves as always with their username and password and a second added option that they will have previously chosen and configured:
- T-CAT / T-CAT P (*recommended option): with this option you only need to access theHèstia using the “Access with Certificate” button. If you have a Digital Identity Certificate, it is the best option (the DNIe also works)
- With a Verification code installed on your mobile: This is an easy and cost-free solution that does not affect the terminal, whether it is particular or not. You need to configure the option by following the instructions that appear when you click the "Sign in" option. You only need to configure it the first time
- With a Verification code installed in your browser of the user's pc / laptop (each potential user of the same pc / laptop must have the verification code installed in their Windows session). You only need to configure it the first time
In case of forgetting the mobile phone or any other casuistics, the coordinator or support staff can force the restart of the second factor, by clicking the “Reset MFA” button which is found in the same user configuration section within theHèstiaThe user will have to reconfigure the new factor chosen on the first new access.
Faced with the current crisis in which we find ourselves, and the reality of not being able to do without the activity that the basic teams of social services carry out with the most vulnerable groups of people, either in person or through telework, from the Consortium AOC has enabled the option to be able to identify with double factor, from the section of configuration of the users, for all that so decides it. This option aims to help prevent system vulnerabilities and access to ABSS data by outside and unwanted entities, by connecting professionals in many cases from their private computers.
Also, we want to emphasize the recommendations made from the Quick Guide to Telework Safety published on the AOC website.
The AOC Consortium wishes to wish the best of all Basic Social Services teams in these difficult times and thank and acknowledge their unconditional dedication to the people.
