we want to offer residents protection and also be reliable

2-factor authentication

QandR ensures that your data are secure. That security does however depend on password access. How secure is the password you have chosen, and can others access it in other ways? Passwords that can easily be guessed or written on physical notes are no exception. That is why more and more web applications allow for 2-factor authentication. That simply means that besides logging in with your password, you also have to confirm login on your phone. If this method is used to access your QandR account, QandR is quite sure that it is you (or someone else must both know your password and have access to your phone).


We have developed this 2-factor authentication at a customer's request. It is an example of the customized solutions that we can offer our customers. An other example, also to do with logging in, is SSO (Single Sign On). This means that you log in once using a trusted provider after which you have automatic access to multiple (connected) applications. That can be quite handy if your organisation wants to give its users secure and easy access to a range of applications.

In the public service domain it is of utmost importance that residents can be certain they are actually communicating with the relevant authority. This was part of the reason that the municipality of Purmerend asked us whether we could offer this extra authentication format. Their story is below.


Information security and privacy protection is of utmost importance to governments: 'we want to protect residents and be reliable'. Clear frameworks are in place to manage the information security of governments. In Purmerend we follow them as best we can. For example, there is a strong push for robust authorization management for access to applications. That is why we require 2-factor authentication for all new applications. We ask this of application vendors, but we also know that they don't always keep up with the pace to support all government demands. That also makes sense. For suppliers, the focus is strongly on the development of substantive functionalities.

Last year we wanted to use QandR for the dialogue with residents as well as internal brainstorming. Its set of instruments really adds something. But it was initially not possible to let organizers log in to their sessions via 2-factor authentication. From our point of view, this was a major obstacle, because precisely for these types of of dialogue formats it is important that you as a participant know who is organizing the session and what happens with the information collected. Simply put: 'when the municipality invites you to give your opinion, you want to make sure that you are talking to the municipality and not to an unknown third party'.

We were pleasantly surprised that Noterik was able to come up with a solution for the 2-factor login within a very short period of time. Fast, but also the modern way. Not with an SMS or something, but via an authenticator. A future-proof solution. We are completely satisfied that Noterik does not regard this solution as 'Purmerend customization', but offers it to all customers who want to use it. For us, this is the guarantee that the security measure is managed by the supplier. For the other municipalities that use QandR, this goes some way towards implementing the principle under Common Ground: 'create solutions that are applicable to all municipalities. So that not every government has to do everything itself'.

Henry Koning, Advisor O&I, Municipality of Purmerend

Please note that 2-factor authentication (2FA) is not part of the regular QandR facilitator account. But should it be relevant to your organisation, we can activate 2FA for your accounts as well. Please contact Rutger Rozendal on 020 2401145 or via rutger@qandr.eu.