Swiss Data Centres
Your data remains exclusively yours. As a partner of Infomaniak Network SA, DIGITALABS ensures the preservation and protection of your information through proprietary solutions that prioritise confidentiality, integrity and security.
Entirely located in Switzerland, Infomaniak places your data outside the jurisdiction of the United States and China, ensuring maximum sovereignty and neutrality.
Legal Framework & Compliance:
Contextual Analysis — ISS
DIGITALABS provides expert consulting in Information Systems Security (ISS) and web platform security, covering back-end, front-end, databases and IoT ecosystems. We also train employees to raise cybersecurity awareness and reduce threat exposure.
Our specialists conduct on-site security assessments for private clients and SMEs, analysing their operational environment to deliver tailored solutions that strengthen web platforms and IT infrastructure.
With over 49 million WordPress downloads to date, according to their official counter, and nearly 43% of websites worldwide powered by WordPress, this open source content management system (CMS) remains a major web platform. It also holds a market share of approximately 60% among content management systems (CMS), making it a prime target for cyberattacks if sites are not regularly updated. Open source technologies offer flexibility but require periodic updates and proactive maintenance to remain operational and secure.
Vulnerability Identification
The context of an IT project strongly influences its security posture.
Wordfence Threat Intelligence data provides real-time information on global cyberattacks, exploits, brute-force attempts, malware and blocked vulnerabilities, highlighting the importance of continuous protection and monitoring. View the statistics from: Wordfence Threat Intelligence
When web applications are at the core of a business, strict security protocols must be followed:
- Modular and maintainable source code
- Database integrity and encryption
External access points in web portals:
- Contact forms
- Login or registration interfaces
- Password recovery systems
- External access to sensitive data
Forms are frequent targets. Unsecured URLs can also expose critical information, enabling retrieval of credentials or confidential documents.
High-quality source code is essential, but integrating security best practices from the earliest development stages remains the most effective method to prevent intrusions.
Authentication: SFA vs 2FA
The stronger the security, the greater the constraints — for both users and developers. Strategies must focus on what truly needs to be protected.
Single-Factor Authentication (SFA)
Relies on a single credential — username and password — to verify identity. Despite strict policies, this method remains vulnerable to:
- Phishing attacks
- Credential leaks
- Human error
Why 2FA Matters
To reliably verify who is performing an action online, smartphones now serve as the most secure identifier:
- Personal ownership — users rarely lose or lend their phone
- Built-in biometric security — Face ID, fingerprint
- Enhanced authentication — reduced password dependency
2FA Authentication Principles
Something you KNOW
Username, password, PIN code.
Something you HAVE
Smartphone, OTP device, security key.
Something you ARE
Biometric factor — fingerprint, retinal scan, voice recognition.
Combining these layers ensures a multi-factor defence against unauthorised access and data breaches.
Cybersecurity is a continuous process. By combining secure infrastructure, robust encryption, reliable authentication and proactive monitoring, DIGITALABS helps organisations build resilient and compliant digital ecosystems.
Authentication: Security and Digital Sovereignty
Access security no longer relies solely on a password. Authentication systems have evolved: each method offers a different level of protection, and not all provide the same guarantees in terms of digital sovereignty.
This comparison table treats the Swiss dimension (local hosting and independence from foreign infrastructure) as a selection criterion in its own right.
| Method | What you do | How it works | Security | Sovereignty (CH) | Recommended use |
|---|---|---|---|---|---|
| FIDO2 Hardware Key | Plug in or tap the key | Physical device confirms login via open standard | ★★★★★ | Yes: open standard, no cloud | High-value accounts, critical access |
| Passkeys | Face ID, Touch ID or device PIN | Device proves your identity without a password (FIDO2/WebAuthn) | ★★★★★ | Depends on provider (e.g. Proton Pass: Yes) | Best available option, recommended |
| TOTP Authenticator App | Enter a 6-digit code | App generates a new code every 30 seconds (open standard) | ★★★★ | Yes (e.g. Proton Authenticator, Aegis) | Robust, compatible with most services |
| Password Manager | Autofill credentials | Generates and stores unique, complex passwords | ★★★★ | Yes (e.g. Proton Pass, self-hosted Bitwarden) | Essential for all accounts |
| Backup Codes | Use a saved code | One-time codes generated when 2FA is activated | ★★★ | Yes, if stored offline | Emergency access only; print and store securely |
| Push Notification | Tap "Approve" | App requests confirmation on your device | ★★★ | No (mostly Big Tech applications) | Convenient but vulnerable to push bombing |
| Magic Link | Click a link received by email | Passwordless login via single-use, time-limited link | ★★★ | Depends on email provider | Occasional access, simple client portals |
| Email Code | Enter the code received by email | One-time code sent to your inbox | ★★ | Depends on provider (Proton Mail: Yes) | Acceptable fallback method |
| Social Login / OAuth | "Sign in with Google / Apple" | Third-party account delegates authentication: single point of failure | ★★ | No: US infrastructure, third-party account required | Avoid for sensitive access |
| SMS Code | Enter the code received by SMS | Text message code, vulnerable to SIM swapping and SS7 attacks | ★★ | No: telecom infrastructure | Legacy only, replace as soon as possible |
Key Takeaway
Digital security and digital sovereignty are not mutually exclusive. The FIDO2 and TOTP methods are the most secure. SMS is the least secure method.
Logging in via OAuth makes access easier, but transfers control of the account to a third party. It is therefore preferable to choose an open-source application governed by Swiss law, such as Proton Authenticator.
It is essential to be able to switch to a more secure method if the platform offers one, especially when accessing sensitive data.
Secure Your Infrastructure
Our experts assess your needs and implement tailored protection solutions.