Multifactor authentication (MFA) is an important function for important function to further protect your account against unauthorized access, e.g. if cyber criminals used phishing or malware (keyloggers, infostealers, etc.) to obtain your username and password.
With eduMFA there is a system with which secure your web-based login to various systems with a second factor.
Currently, this authentication token is used in our central login system Shibboleth. This means that the following web services offer additional protection: Moodle, CampusPortal (HISinOne), Zoom, eduVPN, FAUbox, Helpdesk ticket system, etc.
There are currently three supported ways to configure Multi-Factor Authentication for your Account:
A: Mandatory: MFA with a time-based one-time password (TOTP)
At least one additional factor is required to log in to web-based services via Shibboleth. Time-based one-time passwords are used here, which are obtained via an authenticator app.
- Additional factor: a time-based one-time password with 30s validity (TOTP - time-based one-time password), which you obtain from an authenticator app on your smartphone. This variant should at least be set up in order to be able to log in to web-based services in lecture halls, computer rooms or laboratory computers.
- The exact procedure is described here: https://helpdesk.th-ab.de/help/en-us/10/216
B: Passkey on a smartphone for passwordless login
With this option, a passkey is stored on your smartphone and synchronized with your integrated password manager. This MFA variant completely replaces the previous username and password entry.
- The passkey on your smartphone is secured by biometric procedures (fingerprint Touch ID, Face ID, etc.)
- On a smartphone or tablet with a passkey set up, you can log in directly in the browser without a password
- To log in to Moodle on a PC at the TH, for example, it is also possible to use the smart device for authentication without entering a username and password. However, this is only possible if a Bluetooth connection can be established!
- IMPORTANT: Requires a Bluetooth connection between the login PC and smartphone!
- IMPORTANT: No support for Mozilla Firefox under Windows 10! Use Microsoft Edge or Chrome on your Windows PC as an alternative. Mozilla Firefox is only supported with the latest Windows 11.
- The is described here: https://helpdesk.th-ab.de/help/en-us/10/218
C: Passkey on external security key - e.g. YubiKey
This option requires you to have an WebauthN compliant external security key and store the passkey here.
-
The is described here: https://helpdesk.th-ab.de/help/en-us/10/217