Two-factor authentication as a tool to strengthen trust and security in digital environments

For years, the Clave Única has been the main mechanism for accessing a wide range of public services in Chile and, until now, this access relied on a single authentication factor, the password. However, just a few days ago, a Second Factor of Authentication (2FA) for the Clave Única was announced, as a result of a new effort by the Digital Government to protect personal data. Three other public bodies already use this mechanism: the Severance Funds Administrator (AFC), the Public Criminal Defender's Office and the Carabineros complaints system. Why are various state bodies opting for this security method?

Two-factor authentication (2FA) is an identity and access management security method that strengthens the protection of personal data and reduces the risk of fraud, hacking or identity theft.

Two-factor authentication adds an additional layer of protection to the identification mechanisms for accessing resources and data. In simple terms, when using 2FA, it is not enough to simply enter a regular password, but additionally requires confirming identity through a second factor, such as a code sent to the mobile phone, an authentication application or even biometric mechanisms.

The benefits of 2FA are manifold and undeniable. Companies using 2FA can significantly reduce the risk of improper access and impersonation attacks as this additional verification allows only the rightful owner to complete the login. This is critical as it prevents cyber criminals from stealing or destroying internal log data or third parties from accessing it for their own use, demonstrating a concern for the protection of personal and business assets.

Thus, in professional environments, the usefulness of implementing 2FA makes it possible to protect vulnerable databases and networks, and thereby comply with the duties required by Law 19.628 and its amendment by Law 21.719, on Personal Data Protection, particularly those relating to the duties of security and confidentiality in the processing of information, duties that are based on the principles of confidentiality, integrity and availability recognised in the Law.

It is key for an organisation, within the framework of these regulations and the digitalised environment in which we find ourselves, to adopt security measures considering the current state of the art, which precisely allow it to maintain an appropriate and updated level of security, such as the 2FA, which, in turn, contributes to strengthening proactive responsibility, demonstrating diligent and preventive management in the face of possible breaches.

In a context where digital transformation is advancing at great speed and the management of personal data has become transversal, the protection of digital identity is consolidated as an essential axis of regulatory compliance and citizen trust.

Chile faces the challenge of building a secure and trustworthy digital environment that allows the implementation of Law 19.628 and its amendment by Law 21.719 to be effective, not only from a regulatory point of view, but also from an operational and cultural point of view, and for this all institutions must understand that digital identity is not just a credential or password, but is the electronic representation of who we are before the State, companies and society. Its protection is, therefore, a matter of public and private interest, and it is a duty that must be assumed in a shared manner by all institutions that manage personal data and by the users themselves.

If we fail to strengthen trust in digital environments and promote a culture of cybersecurity at all levels, the Law and the years of legislative and institution-building efforts in the area of personal data protection may see their effectiveness and practical legitimacy diminished, leaving it as a regulatory framework without the capacity to transform the country's digital reality.

Therefore, in view of the entry into force of the new law on the protection of personal data, the incorporation of the double authentication factor in the Single Key is not merely a technological fact but an institutional decision that reflects its commitment to the effective protection of personal data and constitutes a concrete example of how technical standards can and should be a key tool to materialise trust, rights and responsibilities in the digital environment.