Multifactor Authentication Setup

What is multifactor authentication?

You probably know it from your private online banking or already from Microsoft 365 or Teams at UZH. When logging into an online application, you have to log in with a second factor in addition to your E-mail adress and password.

Why multifactor authentication?

Protecting access to online applications and the information saved therein via user name and password alone is no longer sufficient today. The UZH is also not safe from cyber attacks. Therefore, relevant online applications with sensitive data and information are gradually secured with multifactor authentication. After Microsoft 365 and the SAP web portals as well as other business-critical online applications, all online applications must now be secured with multi-factor authentication.

How does multifactor authentication work at UZH?

For multi-factor authentication, we recommend installing an authenticator app on your cell phone. Using an authenticator app is a secure method for multifactor authentication and is independent of mobile phone coverage.

The previous options via SMS and telephone call should be dispensed with. On the one hand, these are no longer considered sufficiently secure and, on the other, you are dependent on sufficient mobile phone coverage.

As an alternative to a private cell phone, a password or fingerprint-protected USB stick (dongle, hardware security key) can be used (Please obtain this yourself. For information, see also the setup document below under 'Notes').

How to set up multifactor authentication?

If you already use Microsoft 365 or Teams at UZH, you have already set up multifactor authentication for yourself and can also use it for other applications. If this is not the case, you will be supported in setting up a second factor via a guided dialog when you log on for the first time with multifactor authentication.

Notes:

• Authenticator app (e.g. from Microsoft: Download or from Google: Download (Android) / Download  (Apple), but other authenticator apps also work): The app must not be deleted after registration. Multifactor authentication must be confirmed regularly. The Authenticator app must also be reconfigured after a device change.
• Authenticator USB stick (security standard: FIDO 2): For the setup (PDF, 1 MB) of the device- and operating system-independent USB sticks (type C), we recommend using the Edge and Chrome browsers. If the password or stick is lost, a new stick must be purchased (costs: CHF 20 (password stick) and CHF 35 (fingerprint stick)). The use of the sticks is voluntary.
• You can check and manage your settings for multifactor authentication here: Define the standard login method, change the login method, store additional login methods.
• Recommendation - Store an additional login method. You can also log in if the selected access is not available (e.g. if your mobile phone is defective or lost).

Set up Multifactor Authentication
Migrate Microsoft Authenticator to a New Device

Detailed instructions and additional documentation from Microsoft: Link

Video "How to register for Azure Multi-Factor Authentication" from Microsoft

Video "Register and manage your security information" from Microsoft

After switching to a new mobile device, the authenticator app must be reinitialized. To avoid locking yourself out, you can add an alternative/additional authentication method to your account before you lose access to your previous device.

Log in at https://mysignins.microsoft.com/ and choose "Security info":

Here you can add an (or more) additional logon method:

Choose method type "Authenticator app" and follow the subsequent steps:

As a result you can log on using your previous as well as your new device. We recommend to remove the sign-in method for your previous device as soon as you have completet switching devices.

See also video "Register and manage your security information" from Microsoft