What is MFA (Multi-factor authentication)?
An additional authentication factor is added to the standard authentication to information systems (login name and password). The first factor "I know something" login and password and the second factor "I have something" mobile phone/phone/hardware key.
Typically, this is generally a password + another factor such as:
- client certificate,
- SW applications on mobile devices,
- USB token,
- voice verification,
- biometric data,
Why use it?
There is a significant increase in the security of user authentication because the authentication occurs from multiple independent sources.
Recommended by the NUKIB authority.
It is recommended in the outputs of penetration tests by the CESNET forensic laboratory, which were carried out at CZU in 2018 and 2019. It significantly provides authentication for users who use weak passwords or whose identities have already been compromised and the users have not changed their password yet.
It is commonly used in practice not only in the banking sector where, however, but this is also standard.
How does it work?
The Microsoft license available for CZU allows users to use the following MFA:
Mobile application - Microsoft Authenticator application, users install the application from the Apple Store or Google play on the smartphone. The users connect the application to their Microsoft accounts using a QR code/line/code and choose whether they want to use a token (the application generates a one-time password valid for 30 seconds after the user's login with a known password) or confirmation only (on the mobile phone after the user logging in with a valid password, a notification will pop up whether the user wants to log in). The user only confirms approve/reject).
Phone call - the code is called to the set phone number by the automat machine.
SMS - after logging in with a valid password, an SMS with a one-time code will arrive.
Detailed instructions for all available multifactor verification methods are available HERE.
In case of problems, please contact the IT Helpdesk.