Skip to ContentSkip to Navigation
Society/business Center for Information Technology Security

Multi-factor Authentication

Log in with something you know and with something you have

The UG continuously works to improve IT security. Following the ransomware attack in Maastricht in part, various measures are being taken in front of and behind the scenes to secure the university network even better. One of the security projects is the introduction of Multi-factor Authentication (MFA).

What is MFA?

MFA adds an extra layer of security to the login procedure. This log-in method is also used by the government (DigiD) and banks for secure online banking. After typing in the staff or student number and the password (something you know), a second authentication step follows via a separate device, e.g. a mobile phone or tablet (something you have). This two-step verification method makes it harder for malicious parties to gain access to your account because both the combination of the login name and password ánd the second authentication factor via a separate device is required.

What is the impact?

All employees and students will at some point have to deal with MFA as soon as they log on to the university network. In many cases, this will be once a day when logging in for the first time in the morning. However, this depends on various factors, such as the inactive time, or the fact that one logs in from a university building or home. Users of programmes such as Progress and Corsa and all CIT staff already work with MFA.

What do you need for MFA?

MFA requires a mobile phone or tablet on which an app  (Google Authenticator or another TOTP-app, e.g. Microsoft Authenticator) is installed that generates the second login code.

What is the schedule?

The roll-out of MFA across the university will start in May. This will take place in phases. Each week, employees of a department or faculty will be guided through the process of setting up Multi-factor Authentication. A support team will be present on-site during that week. However, it is not necessary to come to the university to register. It is very easy to register your mobile phone via the portal.

A different roll-out schedule will be made for students.

Is MFA the only security measure being taken?

The introduction of MFA is one of the many security measures that will be implemented. It is part of the security master plan. Many of the measures in this plan are not visible to the general public. MFA certainly is. The compulsory change of password that will be enforced in 2021 is also a measure that all UG staff and students will be faced with.

Last modified:10 June 2021 5.26 p.m.
printView this page in: Nederlands