Hardly a day goes by without news of another personal data leak and its consequences. Since June 2018, Afnic has offered two-factor authentication (2FA) in its ecosystem. A new milestone will be passed on 7 April when Afnic strengthens its system by making this authentication mandatory, specifically in its communications and procedures with accredited registrars.
We take a look at the advantages of this mechanism, which ensures a space of strengthened trust and safety for personal data.
2FA, a must
As in the “Do-re-mi” song from the musical The Sound of Music – let’s start at the very beginning, a very good place to start.
Using 2FA is an obvious choice when you think of what’s involved:
- Providing security as the party responsible (controller or processor) for the processing of substantial databases containing personal data, both one’s own and those entrusted by third parties.
- Stemming the flow of data leaks, which has been torrential over the past two years. In its latest activity report, the CNIL (French Data Protection Agency) states that it was notified of 5,629 data breaches in 2024, 20% more than in 2023. It points in particular to an increase in very large-scale breaches involving cyberattacks and their consequences, the number having doubled in one year, affecting more than a million people.
- Removing the element of anxiety when a new leak is announced: Am I affected or not? Will I be informed if I am affected? Will my data be added to the volume of data sold on the dark web, and if so which data? Will I be the victim of telephone phishing, spoofing or other such practices? Today? In a month’s time? A year’s time?
When a leak is announced, is it better to be able to say “phew! I’m not affected”…
or to be affected, have to review all the measures to be implemented and wait…
Isn’t it crazy to impose all this on ourselves?!
Registries and registrars, controllers of the data entrusted to us, all consider 2FA an indispensable policy for our sector, to be implemented without delay in our respective information systems, with access being made conditional thereupon.
In this regard, registrars can now activate 2FA to access Afnic’s web interfaces; a user’s guide is available on the Extranet to help registrars with activating 2FA.
2FA implemented by the registrars
As part of its ongoing moves to strengthen the security of access to its services, Afnic will soon make the use of two-factor authentication (2FA) mandatory for its accredited registrars to log on for .fr and French overseas TLDs. This functionality will be necessary in order for them to access their Extranet accounts.
Multi-factor authentication (MFA) currently constitutes an essential security best practice and is considered a basic IT safety measure by the CNIL and the ANSSI (National Cybersecurity Agency).
In the past 12 months, two registrars – accredited for several TLDs, including .fr – have been the victims of cyberattacks. The necessary steps were taken promptly to notify the competent personal data protection authorities and to protect data subjects’ rights. Afnic was able to lend such assistance as was necessary.
These recent incidents affecting registrars serve as a reminder, if one were needed, that the risk of credentials being compromised is all too real in the domain name management sector.
Activating 2FA has some significant advantages:
- For holders: improved protection against unwanted alteration of domain name data if an Extranet account is spoofed.
- For registrars: reduced risk of phishing and spoofing incidents, of the need to notify the CNIL and the data subjects concerned of data breaches, and of sanctions for non-compliance with Article 32 of the GDPR.
With effect from 7 April 2026, it will be mandatory for Afnic accredited registrars to have activated 2FA: it will no longer be possible to log on to the Extranet for the .fr and French overseas TLDs with an account for which 2FA has not been activated.
Afnic urges registrars that have not yet done so to activate 2FA for each of their Extranet accounts, so as to be ready for this change and to ensure the continuity of their secure access.
That’s it as far as recommending and urging implementation of 2FA is concerned. Now let’s concentrate on implementing action for trust-based naming services.