Access to the administrative panel is one of the main risk vectors. To prevent unauthorized login, we implement two-factor authentication (2FA), which requires not only a username and password, but also an additional confirmation code - by email, SMS or through an application (for example, Google Authenticator).
This level of protection is especially important for employees with access to finance, user data, and system settings.
What 2FA includes
| Confirmation method | Application details |
|---|---|
| Code by email | Sent to corporate or linked mail when logged in |
| Applications (TOTP) | Support for Google Authenticator, Authy, 1Password and others |
| SMS code | Alternative for countries where email delivery is unstable |
| Flexible activation | By role, IP, time of day, or manually by user |
| 2FA Event Log | Who activated when confirmed from which device/IP |
Functionality and configuration
Mandatory 2FA for sensitive roles (admin, accountant, etc.)
Trusted IP or Internal Subnet Exceptions
Scheduled/Scheduled Activation/Deactivation
Export 2FA confirmation and failure logs
Login Attempt and Authorization Error Notifications
Advantages
Significantly reduce account hacking risks
Transparency of inputs and attempts to bypass protection
GDPR, ISO, PCI DSS, and Intrinsic Security Compliance
Peace of mind for business owners and administrators
Flexibility of inclusion - from selective to mandatory policy
Where especially important
Casinos and gambling platforms with money and personal data
Financial and crypto services with sensitive access
SaaS platforms with client bases and rights management
Projects with a large number of employees and contractors
2FA is a minimal but critical level of protection. We will implement strong and flexible two-factor authorization so that the back office entrance is protected from external and internal threats.