Two-factor-authentication
Reports of stolen access data for internet services are on the rise. To counteract this, services such as PayPal and eBay have long offered two-step login procedures.
In order to keep on top of the increasing number of breached accounts in the university environment - and to offer you as a user the greatest possible security for your data - many of the university's IT services are also secured with two-factor authentication (2FA).
Safer and faster: It's not just the added security that speaks in favour of using a second factor. As a user, you also save time at the end of the day. For multiple accesses to different portals behind the two-factor-authentication (e.g. webmail and HIS portal), only one login is required. Requirement: You do not close the browser.
This is how the protection works: You will continue to log in to various services with your user name and password. The second step is to enter a six-digit security code, which you can retrieve in an app.
This is how you get the security code: You download an app for two-factor authentication into your mobile phone or tablet. After a one-off configuration, this app provides you with a six-digit security code that you can use for authentication. This procedure is called a TOTP (Timebased One-Time-Password). Alternatively, you can use a browser plug-in.
Further details on the overview, setup, selection and use of the two methods can be found in the following sections:
- Overview: University services with 2FA
- Set up the app
- Set up the browser plug-in Using two-factor-authentication
- Two-factor-authentication management
- Information for employees of TH OWL
- More information
Overview: University services with 2FA
The following services are provided with two-factor-authentication:
Service | Reference | Documentation |
---|---|---|
Identity management (IDM) | https://idm.th-owl.de | https://www.th-owl.de/skim/documentation/useraccount/ |
KIS-Portal | https://kis-portal.th-owl.de | https://www.th-owl.de/skim/documentation/kis-portal/ |
Lernplattform eCampus (ILIAS) | https://ecampus.th-owl.de | https://www.th-owl.de/skim/documentation/lernplattform-ecampus/ |
Webmail (OWA) | https://webmail.th-owl.de | https://www.th-owl.de/skim/documentation/e-mail-account/ |
WLAN/VPN certificate (eduroam) | https://mdl.th-owl.de/mobile/ | https://www.th-owl.de/skim/documentation/wireless network / https://www.th-owl.de/skim/documentation/university-dial-in/
|
Set up the app
To set up an app to generate the security code, you need two end devices. General, we recommend a computer and a device with which you can scan the QR code. If you do not have a computer at your disposal, you can also set it up using the search computers in our libraries.
In the following two tabs, we will guide you step by step through the set-up process. Alternatively, you can use the screencast that we have placed at the top of this page.
Good to know: When using an app for authentication, this is linked to a specific device.If you change the device, two-factor authentication is required to set up the app again. Tip: If possible, set up the app on the new device while you still have access to the old device.
Set up the browser plug-in
- General information
- Installation (Chrome, Firefox and Edge)
- Installation (Safari)
- Installation
- More options
If you do not have a mobile phone or tablet to use the app method, you can set up a browser plug-in as an alternative. In the following tabs, we explain how to set this up for various browsers.
Good to know: The browser plug-in cannot be set up on mobile devices.
Using two-factor-authentication
- Go to a web page protected with two-factor authentication
- The TH OWL registration page, which you know, appears, supplemented by the note "TH OWL Two-Factor-Authentication"
- Log in with the data from your user account (xyz-xyz and associated password)
- Then enter the six-digit security code that your app or plug-in generates every 30 seconds
Two-factor-authentication management
The authentication method is managed via a portal, the link to which can be found here: Authentication management
The login works differently depending on the status:
- You have not yet defined an authentication method: Log in with your university account (user name and associated password).
- You have already defined an authentication method: Log in with the username of your university account and the security code of the two-factor authentication. This will be automatically prioritised. If the app method (TOTP) is set up, log in is only possible with this method. If only the telephone method (OTP) has been set up, you can log in using this method.
In the portal that manages your authentication method, you can do the following:
- Adding an authentication method
- Deleting an authentication method
- Testing authentication methods
How to reset the login method: Are you unable to access your authentication, for example because you have a new mobile phone? Then we can help you at the service points in the libraries. Your authentication method can be completely reset on presentation of an official photo ID. Please note the opening hours of our service points. A complete reset of the authentication method by e-mail or telephone call is not possible.
Information for employees of TH OWL
Employees in dual roles: TH OWL employees who are also students must set up their second factor for both accounts. Of course, you can use the same app for this purpose, but naming the accounts differently is helpful.
It is not possible to log in with both accounts at the same time. This can either result in error messages or the rights actually required for the respective role are not made available.
There are two possible solutions for the problem:
- You use two different browsers for the two accounts (e.g. Firefox and Chrome)
- Before you start the second login, log out completely from the browser you started first.
More information
Information on the validity of two-factor-authentication:
- Logging in using two-factor-authentication has a validity period of 60 minutes. If you do not become active in an application within this time, you must log in again using two-factor authentication. Please note that the time-out for many applications is significantly shorter and comes into effect earlier.
- Logging in using two-factor-authentication is cancelled as soon as you actively log out of an application.
- The login via two-factor-authentication expires when the cookies are deleted.
Contact us
E-Mail: support@th-owl.de
Phone: +49 5261 702-2222