Everyone is familiar with the multi-factor authentication (MFA) process from withdrawing money at an ATM: The first factor is the bank card, the second factor is the PIN. In online banking, a combination of log-in data and transaction number (TAN) is used. Customers receive the TAN, which is only valid once, as an SMS (smsTAN) or app notification (pushTAN) on their smartphone, or they generate it themselves using a TAN generator and chip card (chipTAN).
Transferred to the Deggendorf University of Technology, your first factor is the already known username-password combination, which you already needed daily to log in to Windows or to web services PLUS in the future a second factor via an app release or a security key (the latter mainly for staff).
Why multi-factor authentication?
Access data can quickly fall into the wrong hands. On the one hand, attackers exploit the ignorance and credulity of many Internet users to steal login information. Classic e-mails (phishing) are often used here, which simulate a supposedly valid and secure site in order to steal data. On the other hand, cybercriminals gain direct access to inadequately secured provider databases containing thousands or even millions of credentials.
However, multi-factor authentication protects an account even if credentials have been compromised. This is because attackers cannot gain access to the account with a user name and password alone, because they lack the MFA key as an additional factor for proving identity.
What should i do if i no longer have access to my authenticator?
If you no longer have access to your Microsoft Authenticator app due to a device change, damage or loss of your smartphone, please contact our IT-Support: It-support@th-deg.de.
Please note: A smartphone is required to use the Microsoft Authenticator app.
How do I set up multi-factor authentication?
In the following instructions we distinguish between the target groups students and staff.
Students
As a primary second factor in addition to the already known username/password combination, we recommend that students use the smartphone app "Microsoft Authenticator" (or any other OATH/TOTP app such as Google Authenticator). To avoid being locked out after changing your cell phone, it is recommended that you configure a backup for your smartphone or, as a fallback solution, configure your cell phone number as an additional second factor (TAN will then be sent via SMS). However, if you have a security key, you can of course also store it.
Instructions:
Recommended standard variant: Initial Setup - Microsoft Authenticator App
Backup-Variant: Phone-Method (SMS)
Staff
A USB security key from the company Yubico is available for THD staff.
So that you can deposit the security key, you must have deposited another second factor in advance.
Important: Therefore, please be sure to follow the steps in the order of Step 1 and Step 2!
Instructions:
Recommended standard variant:
1. step: Phone-Method - (Call)
2. step: Security-Key
Optional Variant: Microsoft Authenticator Applikation
How do I use the second factor in the registration process?
Instructions for using the second factor (USB security key, Microsoft Authenticator app, or telephony) can be found here.