How to secure your Ameli account after the resurgence of hacking attempts via FranceConnect?
The information fell last week: following too many hacking attempts on the Ameli and Tax platforms, authentications via FranceConnect have been deactivated for several weeks. According to information from Chained Duckthe “technical maintenance” officially advanced would in fact be due to a letter sent by the Health Insurance Department to the Interministerial Digital Department (DINUM), and warning of a voluntary removal of access to the service on its portal.
At issue in this suspension until further notice of certain authentications, the resurgence of scam campaigns targeting individuals in their administrative procedures. What to push the official portals of Health Insurance and Taxes to suspend their access via FranceConnect to limit the risk of fraud. Note that this decision was not without consequences for some Internet users. Those who have already opted for authentication via the secure platform are therefore likely to find themselves blocked when connecting.
To secure your accounts on public portals, and protect you against phishing attempts, the first instinct is to protect your email address. This is often how hackers manage to recover sensitive data once your credentials have been obtained. If you can still access the Ameli or tax platforms, we advise you to change your passwords and opt for a strong, long, and unique key.
Some measures to secure your accounts
The most effective is still to activate double authentication. The tax site offers in particular the sending of a unique code by SMS at each connection. A good way to secure your account, without having to renew your password regularly. On Google services too, the two-factor connection has been generalized since the end of 2021, and now allows you to identify yourself more securely.
On Ameli, two-factor authentication does not exist, but a temporary code received by email is systematically sent to the e-mail address of the insured in the event of a change of password or bank details. In addition, since last spring, each connection has resulted in the sending of a notification by email to confirm that the insured is indeed at the origin of the process. Be careful to check that the email address you have entered is the correct one.
Also note that like the CPF, Ameli will never contact you to verify your identity or password. So beware of emails and SMS pretending to be Health Insurance.