Atriumboks smal

Multi-Factor Authentication

MFA (Multi-Factor Authentication) is automatically activated on all profiles.

The first time you log in after MFA is activated on your profile, you will need to register a phone number to which the verification code will be sent. We strongly recommend that you register a secondary authentication method, to avoid being locked out of your account. You can read more about how to register in this guide. This way, you have two options to authenticate yourself in addition to your password.

The transition to MFA is a part of our increased IT-security at ITU. It helps us comply with the GDPR rules and helps secure our data better.

If you have issues with MFA, please contact the IT HelpDesk (it@itu.dk). 


What is MFA


MFA is short for Multi Factor Authentication. This means that your ITU account is being protected by not only your username and password but an extra factor as well – this can be an SMS code, a phone call or with a mobile app like Microsoft Authenticator.

You may already know MFA from using the ITU VPN or services like Google or Facebook.

  

Why MFA?


Most security breaches today involve compromised usernames and passwords. One factor authentication (a simple password) is not adequate to protect university data and personal information. Implementing MFA will help prevent anyone but you from accessing your account and data, even if they know your password.

We highly recommend registering 2 different methods for MFA to avoid being locked out of your account.

In time MFA will be mandatory for all faculty, staff and students to gain access to their accounts and most systems.


Which systems are protected by MFA?


We are enabling MFA for your Office 365 / Azure profile which means that especially Cloud based services are being protected since these are reachable from around the world. More systems will be covered by MFA in time but currently it will protect services like LearnIT, E-mail, Teams, Adobe CC, TopDesk and more.

 

Why can’t I connect with my mail app?


Enabling MFA requires deactivating older insecure login methods like IMAP4 and POP3. These are also known as “Legacy” or “Basic” authentication. Old login methods do not support MFA and keeping them active means keeping an open insecure backdoor for attackers to exploit.

If you are using unsupported mail apps you may experience problems connecting. We recommend that you use one of these supported mail apps:

·       https://webmail.itu.dk

·       Outlook for Windows

·       Outlook for Mac

·       Outlook for Android & IOS

  

These mail apps support MFA, but are not recommended or supported by the IT Department:


·       Nine Mail for Android & IOS

·       Evolution for Linux

·       Mac Mail (requires Mac OS X 10.14 Mojave or newer)


For a period of time we offer to enable Legacy authentication (IMAP4 and POP3) if you are experiencing issues connecting with your apps. You can request this by contacting it@itu.dk.

Bear in mind that basic authentication can only be offered temporarily as Microsoft will end support for this by October 2020: https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers/