IT Center Blog

Source: Own illustration

Due to the growing digitalization in the private and professional environment, the risk of cyberattacks and phishing attacks is also constantly increasing. Universities are also becoming an increasingly frequent target of such attacks. This is why IT security is a key issue at RWTH Aachen University.

On February 1, 2024, multifactor-authentication (MFA) will be introduced for the VPN service at RWTH. This will significantly improve the protection of the IT services you use. The following blog post will explain what you need to do now.

What is Multifactor-Authentication?

MFA is a security procedure that requires a security code in addition to your usual login details. This is generated by a separate device or app, as is the case with online banking, for example. You can find more detailed explanations of MFA mechanisms in our blog post Security Mechanisms Unravelled: MFA.

What Will Change For You?

The introductory phase of MFA for VPN will start on February 1, 2024. From this date, the VPN system will be protected with a second factor, as it is one of the most important and security-relevant systems at RWTH Aachen University. During this introductory phase, you will have the opportunity to practise using the second factor when logging into the VPN.

After entering your known login details in the VPN client, you will be asked for this second factor. During the introductory phase, you can also log in without a self-created token by entering the current date as the second factor. Simply follow the instructions in the login screen when you log in to the VPN client.

From March 19, 2024, the use of the second factor for VPN login will be mandatory. This means that from this date, you will no longer be able to log into the VPN without a second factor that you have set yourself.

How Do You Use MFA?

In the Selfservice, you can create and manage your tokens yourself by using the Token Manager. You can currently set up hardware tokens, app tokens (e.g. via authenticator apps), TAN lists, and email tokens. Please note that the first two tokens mentioned are the most secure options. You can find instructions on how to set up the tokens on the IT Center Help pages.

MFA for VPN

You can currently use hardware tokens, app tokens, and the TAN list for VPN. As a first step, you have to create a TAN list. At this point, it is not yet possible to select other tokens. Please note that the TAN list should only be used for backup tokens. This will also protect you in case your preferred token type fails (e.g. your smartphone battery runs out or you lose your hardware key).
In a second step, you then create your preferred token. You can choose between the hardware token or the app token. The use of the e-mail token is not supported with the VPN service. (*)

Your Assistance is Required

During the introductory phase, the IT Center needs your help. A survey will be conducted to gather your feedback on understanding, documentation and operation, which will help us to simplify the use of the MFA services. Thank you for your support!

Outlook

In the future, other IT services of RWTH will also be protected with MFA. A process for distributing official hardware keys is currently being prepared by the IT Center. You will be informed about both topics in due course. If you already have a YubiKey as a hardware key, you will find suitable instructions for setting up the YubiKey on IT Center Help.

If you have any questions or encounter problems, you can contact the IT Service Desk by phone on +49 241 80 24680, by email at servicedesk@itc.rwth-aachen.de or via chat.

Responsible for the content of this article are Nicole Wießner and Corinna Hausberg.

(*) The paragraph was updated on January 30, 2024.

Kategorie: General, Announcements, IT-Security, IT-Managers, Employees, Support, Services & Updates, Students
Schlagworte: IT-Security, MFA, Multifaktor-Authentifizierung, VPN
Optionen: Antwort schreiben » | Trackbacks sind derzeit nicht möglich;