You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 4
Next »
e-INFRA CZ AAI offers multi-factor authentication using TOTP and WebAuthn. Users may also generate backup OTP codes for regaining access in case they lose their tokens. Detailed instructions can be found here.
Contents
Available methods
TOTP
TOTP is a standard method for one time code generation, defined in RFC 6238, and used by many commercial services. TOTP app has a shared secret with the server and generates time-constrained numerical codes based on that secret. The most common setting is with 6 digits and validity of 30 seconds.
More information ...
You may know this method by many alternative names, including “code from verification app”, “verification code”, “authentication code”, “code from authentication app”, “6 digit code from code generator”, “code from Google Authenticator” or “verification code from the Google Authenticator app”.
The advantage of this method is its versatility - you can copy the one time code from the app in your smartphone to another app, type it on your PC or even a smart TV. The only requirement that the device you want to authenticate on needs to fulfil is the capability to enter digits.
You can use any TOTP app, for example one of those listed below. Alternatively you can use the TOTP capability of your password manager (e.g. BitWarden or LastPass Authenticator). If you already have a TOTP app installed, you do not have to install another one, you can just add MUNI Unified Login.
WebAuthn
WebAuthn, short for Web Authentication API, is a modern standard created by W3C and FIDO. This method offers a high level of security while protecting your privacy, it is also easy to use. WebAuthn is often a part of the operating system, so you do not need to install anything on most devices.
More information ...
You may know this method by different names, including “FIDO2”, “U2F”, “security key verification”, “universal second factor” or simply “security key”.
The advantage of this method is its simplicity - you do not need to grab your smartphone, open an app and type in a code, you just confirm the authentication e.g. by pressing a button or using your thumb for fingerprint. You may register various devices and use a different method of authentication in each one depending on the device’s capabilities.
In order to use WebAuthn, you need to use one of the supported web browsers together with the operating system capability, an app or a physical authenticator (e.g. a YubiKey).
All web browsers officially supported by MUNI Unified Login support WebAuthn authentication.
If you want to learn more, check out webauthn.io and webauthn.me.
Operating systems with WebAuthn built in
Windows 10+ (Windows Hello)
macOS 10.15+ (only some browsers depending on version)
Android 7+ (a screen lock has to be set - e.g. a fingerprint or face recognition))
iOS 14.5+ (Touch ID, Face ID)
For Linux, you can try Rust U2F or tpm-fido.
When accessing a service, which requires the Multi-Factor Authentication, the e-INFRA CZ AAI will forward this request to your home organization. If you can perform MFA there, you will do so as used to. Otherwise, if you have registered for an e-INFRA CZ AAI, you will be prompted to perform MFA in the e-INFRA CZ AAI context (or will be displayed an error message if you cannot fulfil this requirement).
The prompt to perform MFA in the e-INFRA CZ AAI context appears after you have logged in at your home organization and looks like the following:
Support
In case of any problem please let us know at: login@e-infra.cz.