MFA comes to the University of Siegen

Multi-factor authentication (MFA) is a security procedure that makes access to an account or system more secure.
In addition to the password, at least one other factor, known as a token, is required. This factor can be, for example, a unique code from an app or text message, a fingerprint or a special USB stick.

The combination of several factors prevents unauthorized persons from gaining access to an account or system with the password alone.

A token is a type of digital key. It is used to log in securely to a system or an app. A token can be a small device, a smartphone app or a special code, for example. One common type of token is a one-time numerical code that is only valid for a short period of time. In addition to the password, these codes are used to confirm that you are really authorized to log in.

You can think of it like the door of a safe. The safe has a combination lock and a key. For the combination lock, you need to know the corresponding combination, such as a password. The token, i.e. the second factor, is a physical key in this case, i.e. something you must have. You can only open the safe door if you have both.

This is also how it works digitally: you log in as usual with your ID and password and confirm the login with a YubiKey or a TOTP app installed on your smartphone. This makes your access much more secure.

The introduction of MFA at the University of Siegen is based on the legal requirements of the Cyber Security Agreement of the Ministry of Culture and Science (MKW). This agreement requires universities in NRW to implement appropriate security measures to protect the integrity and confidentiality of data.

With the introduction of multi-factor authentication (MFA), the login process for various systems and services (see above) at the university will change. Instead of just entering a password, you will also have to provide a second authentication factor.

Yes, all employees, students and external users must activate MFA for their account sooner or later. This is the only way to ensure effective protection for all members of the university. The target times can be found further up on this page in the blue box.

Supported are:

• Time-based one-time password (TOTP, Authenticator app)
• One-time password (OTP) via YubiKey (special USB stick)
• Push notification (eduMFA app)
• TAN list

Note: Two tokens per token type can be active .

The following authenticator apps were tested for their supported parameters.

Please note: The apps are backwards compatible - an app that supports 60-second time steps also offers 30-second steps; an app with SHA512 support also allows SHA256 and SHA1.

Yes, there are alternative options.

Note: If possible, we recommend setting up a TOTP and/or push token on a smartphone or using a YubiKey.

Here you will find alternative hardware and software if you cannot or do not want to use any of the above options.
However, we do not offer support for these!

Hardware:

• Reiner SCT Authenticator
  Hardware for two-factor authentication.
  With the integrated camera, TOTP tokens can be easily imported via QR codes.

Software:

• Windows:
  2fast - Two Factor Authenticator
  The Authenticator app can be downloaded from the Microsoft Store.
• MacOS:
  Step Two
  The authenticator app can be downloaded from the Mac App Store.
• Linux:
  GNOME Authenticator
  Can be obtainedfrom the Flathub repository.

Various services, such as the EU procurement portal, have now also introduced mandatory MFA. If supported and available, you can also use your YubiKey or your Authenticator app for this.

You can find more information here:

• EU portal login
• EU procurement portal

If you have any further questions, please contact the ZIMT SupportDesk, either

• by e-mail to: support@zimt.uni-siegen.de
• or by phone: (0271) 740 - 4777 
  (Mon. - Fri. 08:00 - 15:30)
• In person in room H-D 2203
  (opening hours: Mon. - Fri. from 8:00 - 16:00, by telephone until 15:30)