2-faktor authentication (2FA)

Instruction

Before you start activating 2-factor authentication, please read carefully the instructions under the Overview section. Only after understanding the procedure, you should follow the instructions on this page to activate the procedure.

In order to use 2FA, the first step is to activate the feature once. To do this, you will need a student ID card or a employee ID card. If you do not have either of these at hand, please contact the IT Helpdesk. After successfully entering your data on our registration page, you will receive one-time access data to the 2FA portal by e-mail. As soon as you are successfully logged into the 2FA portal, you can activate various tokens there. In principle, you can create as many tokens as you like and choose between the following two variants: TimebasedOneTimePassword (TOTP) and WebAuthn (hardware security chip). Please refer to the corresponding instructions 2. a), 2. b) or 2.c) on this page for how to activate them and for further information on the variants. In most cases, the TOTP method with Authenticator app is the most flexible and easiest. Alternatively, we recommend the use of a USB security stick. The data centers are happy to support all employees/departments/specialties in obtaining USB security sticks. To do so, simply contact our IT help desk by e-mail. If all these procedures do not work for you, you can also contact our IT helpdesk to find a suitable solution for you.
 

Instructions

1. One-time activation of the process

IMPORTANT: Please ensure that you either already have a TOTP-enabled app installed and handy, or have a USB security stick connected before performing the following steps.

  1. If you have a student or employee ID card, you can perform a self-activation on 2FA-Activation using the control/card number. If you do not have a corresponding ID card, please contact 2fa(at)hochschule-trier.de with a request to participate in the procedure.
  2. You will then receive an e-mail (sender: noreply+2FA@hochschule-trier.de) in which you will find unique access data for registration.
  3.  Log in to the 2FA registration platform with the access data from this mail. Attention: this works exactly once. So carry out the registration process (roll out at least one token) to the end!
  4. Select the Token ausrollen function and register the second factors (tokens) of your choice. Instructions on how to do this can be found in the following points 2.a), 2.b) and 2.c).
2. a) Roll out token: TOTP - Time-based one-time token

The Timebased-OneTimePassword (TOTP) is a time-based token (a 6-digit number that changes every 30 seconds). To use this method, you need an app or program on your device that can generate such TOTPs. If you do not have a trusted authenticator app installed yet, we recommend using the privacyIDEAAuthenticator app. The app is available for both Android and iOS. Of course, if you are already using another authentication app (for example Microsoft Authenticator), they will work just as well.

  1. Select the function Token ausrollen and there TOTP: Zeitbasiertes Einmalpasswort from the drop-down menu.
  2. Under Beschreibung please choose a meaningful name, so that you still know later which token generator this is (examples: smartphone, authenticator, notebook, ...).
  3. Click the Token ausrollen button at the bottom.
  4. A QR code will appear. You can scan this with the Authenticator app on your end device. Alternatively, you can click on Der OTP-Schlüssel on the right and copy and paste the appropriate value into your program.
  5. You must then enter the code generated by the app once for verification in the input field on the homepage with the QR code and select Verify token.
  6. Your Authenticator app will now constantly generate new tokens. If you are asked for a token when logging in to supported university services, simply enter the current value your app displays there.
2. b) Roll out token: WebAuthn - USB Security Stick

With WebAuthn, your USB security stick takes over the token function. When logging in to supported university services, the system checks whether the stick is connected to your terminal device and you must also confirm this by "pressing a button" (touching the round symbol) on the stick. To use the procedure you need a USB security stick that supports the FIDO procedure. To activate this as a token, proceed as follows:

  1. Connect your USB security stick to your end device.
  2. Select the function Token ausrollen and there WebAuthn: Enroll a Web Authentication token from the dropdown menu.
  3. Under Beschreibung please choose a meaningful name, so that you know later which token generator this is (examples: Yubikey, Feitan, ...).
  4. Click the Token ausrollen button at the bottom.
  5. Follow the instructions of your browser and run the registration process once completely. In the meantime you will be asked to press the button on the USB security stick once (it will start blinking). This means to touch the round symbol on the stick
  6.  If you are asked for a token when logging in to supported university services, follow the instructions of your browser, connect the stick (if not already connected) and confirm the login manually by touching the symbol on the USB security stick.
2. c) Roll out token: WebAuthn - Hardware token

With WebAuthn, a security chip (hardware) takes over the token function. When logging on to supported services, the presence of the chip is checked and, depending on the device, confirmation is required using a biometric function (fingerprint or face scan). In order to be able to use the procedure, the following points must be fulfilled:

  1. You need a browser that supports WebAuthn (these are almost all common, modern browsers).
  2. You need a supported hardware - a device secured by biometric functions (examples: notebook with Windows Hello, macOS with FaceID or TouchID, ...).

To activate this token, proceed as follows:

  1. Connect your USB security stick to your end device.
  2. Select the function Token ausrollen and there WebAuthn: Enroll a Web Authentication token from the dropdown menu.
  3. Under Beschreibung please choose a meaningful name, so that you know later which token generator this is (examples: Yubikey, Feitan, ...).
  4. Click the Token ausrollen button at the bottom.
  5. Follow the instructions of your browser. Complete the registration process once.
  6. If you are asked for a token when logging in to supported services, follow your browser's instructions to unlock your hardware to allow logging in.
General overview 2FA portal

You can reach the portal for managing your 2FA tokens at 2fa.hochschule-trier.de.

Area - Alle Token

After logging in, you will automatically land on an overview page with all your tokens. You can see at a glance which tokens you have activated. By clicking on the serial number of a token you will get to its detail page. On this page you can delete the token, deactivate it temporarily, change the description or even test the token.

Area - Token ausrollen

In this area you can activate new tokens. Basically you are free to create as many tokens as you want. However, we recommend to activate at least two. This way, logging in is still possible even if you lose a token. For example, you can use a USB token and an Authenticator app on your smartphone. If you lose the USB token, you can still log in using TOTP from the app and deactivate the lost USB token in the portal.

To the Portal: 2fa.hochschule-trier.de

IT-Helpdesk: help(at)hochschule-trier.de

2FA-Newsletter: www.listserv.dfn.de/

Opening hours

IT-ServicePoint: Room G9
Mo.-Fr.:    9:15 - 11:45 hour
Mo.-Th.: 13:45 - 16:00 hour

IT-Workspaces: Rooms G01, G03, G04, G12, G13, G14
[24/7] - at night, on sundays and public holidays with your student card / staffmember card

qickly to ...
Questions? Suggestions? Critisism?

Please send an E-Mail to help[at]hochschule-trier.de

 

University IT-Departments

Rules

Legal notice

Service

back-to-top nach oben