At WADA, appropriate handling of personal data in accordance with applicable data protection laws and industry standards is critical. Quite simply, athletes need to be able to trust that the Agency and its partners in the anti-doping community will respect their privacy and safeguard their personal data.
In addition, WADA must comply with privacy and data protection laws around the world. Applying data privacy measures, such as two-factor authentication will help us do so.
Accordingly, in order to further enhance the protection of personal information stored in WADA’s Anti-Doping Administration and Management System (ADAMS), the Agency will introduce two-factor authentication in order to log into ADAMS by July 2018.
Two-factor authentication (2FA) requires you to provide something from two of the following three categories:
- something you know, such as a password;
- something you have, such as a token (which can be obtained through a time-based one-time password (TOTP) or SMS); or
- something you are, such as from your biometric data.
All ADOs must enable 2FA using a ‘Temporary One-Time Password (TOTP) app such as Google authenticator (Android and iOS) or Microsoft authenticator (Android or iOS) for example. A 30 day grace period is provided to users to implement this requirement.
Anti-Doping Organizations managing athlete accounts can choose whether or not to impose this requirement on athlete users. WADA recommends requiring this feature of athletes with the requisite support necessary. Athletes may use 2FA either via TOTP or using SMS on their mobile devices. Should your organization not impose 2FA on athlete accounts, athletes will be able to disable this feature.