ProxyIdP offers a more secure way of authentication on top of passwords – the so-called Multi-Factor Authentication (MFA). Once activated, an additional form of authentication is required in addition to the required password, for example in the form of a verification code. This function makes it more difficult for potential attackers to misuse someone else’s account.
...
| Expand |
|---|
| title | Comparison of signing in methods |
|---|
|
| Passwords | Verification codes (TOTP)
| Security keys (WebAuthn) | Protection against misuse of stolen passwords | ✗ | ✔ | ✔ | Protection against guessing of passwords | ✗ | ✔ | ✔ | Protection against simple phishing | ✗ | ✔ | ✔ | Protection against advanced phishing | ✗ | ✗ | ✔ | Availability on all IT devices | ✔ | ✔ | ✗ |
|
| Expand |
|---|
|
Multi-factor authentication | Identity verification using two or more authentication factors (e.g. something I know + something I have). | Security key | Usually a physical or a virtual device used for identity verification based on a secret key.
| Verification codes | One-time codes with limited time validity, generated by an authentication app, e.g. Aegis.
| Recovery codes | One-time codes which can be generated during initial setup and saved or printed. They can be used to authenticate in case of losing all other authentication devices.
| Tokens | Means of authentication other than a password or a PIN, including security keys, verification codes and recovery codes. |
|
...
Another option is to use a key fob that can be connected to both your computer and phone - such as YubiKey, GoTrust Idem Key or SoloKey. Authentication with a key fob usually means just one extra key press.
Technical information and a support table for various operating systems is available at passkeys.dev
Adding the first token automatically sets up Multi-Factor Authentication for all IT services under MUNI Unified Login. Managing for which services multi-factor authentication is enabled is possible in the User Profile.
...