Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

e-INFRA CZ AAI offers multi-factor authentication using TOTP and WebAuthn. Users may also generate backup OTP codes for regaining access in case they lose their tokens. Detailed instructions can be found here.

Available methods

TOTP

TOTP is a standard method for one time code generation, defined in RFC 6238, and used by many commercial services. TOTP app has a shared secret with the server and generates time-constrained numerical codes based on that secret. The most common setting is with 6 digits and validity of 30 seconds.

 More information ...

You may know this method by many alternative names, including “code from verification app”, “verification code”, “authentication code”, “code from authentication app”, “6 digit code from code generator”, “code from Google Authenticator” or “verification code from the Google Authenticator app”.

The advantage of this method is its versatility - you can copy the one time code from the app in your smartphone to another app, type it on your PC or even a smart TV. The only requirement that the device you want to authenticate on needs to fulfil is the capability to enter digits.

You can use any TOTP app, for example one of those listed below. Alternatively you can use the TOTP capability of your password manager (e.g. BitWarden or LastPass Authenticator). If you already have a TOTP app installed, you do not have to install another one, you can just add MUNI Unified Login.

WebAuthn

WebAuthn, short for Web Authentication API, is a modern standard created by W3C and FIDO. This method offers a high level of security while protecting your privacy, it is also easy to use. WebAuthn is often a part of the operating system, so you do not need to install anything on most devices.

 More information ...

You may know this method by different names, including “FIDO2”, “U2F”, “security key verification”, “universal second factor” or simply “security key”.

The advantage of this method is its simplicity - you do not need to grab your smartphone, open an app and type in a code, you just confirm the authentication e.g. by pressing a button or using your thumb for fingerprint. You may register various devices and use a different method of authentication in each one depending on the device’s capabilities.

In order to use WebAuthn, you need to use one of the supported web browsers together with the operating system capability, an app or a physical authenticator (e.g. a YubiKey).

All web browsers officially supported by MUNI Unified Login support WebAuthn authentication.

If you want to learn more, check out webauthn.io and webauthn.me.



Operating systems with WebAuthn built in

  • Windows 10+ (Windows Hello)

  • macOS 10.15+ (only some browsers depending on version)

  • Android 7+ (a screen lock has to be set - e.g. a fingerprint or face recognition))

  • iOS 14.5+ (Touch ID, Face ID)

  • For Linux, you can try Rust U2F or tpm-fido.

  • No labels