In the past months, it was possible to activate multi-factor authentication (MFA) voluntarily. As of 3 July, this additional security measure will be mandatory. This means that from this date onwards, a one-time password will be required in addition to the u:account credentials in order to log in to the VPN of the University of Vienna.
Around 2,000 users log into the VPN every day. By mid-May, after an initial information campaign, almost 700 of them had voluntarily activated MFA. MFA can significantly improve the security of the IT infrastructure, as the risk of unauthorised access is considerably reduced.
Security risk of (non-)users
Christoph Campregher, head of the IT security staff unit at the ZID, explains the background: “The security risk lies not only with the active VPN users, but also with those who are basically authorised to use VPN, but do not use it.” These are the majority of the almost 100,000 university members. They all have online storage space available to them, which can also be accessed from home via VPN. Every single one of these accounts is therefore eligible for VPN, and for every single one of these accounts, the VPN would be vulnerable if the respective UserID and password were stolen. By making MFA mandatory, this risk can be significantly reduced, thus better protecting the data of all university members.
As of 3 July, the login window for the VPN will change: In addition to the input fields for u:account UserID and u:account password, there will then also be a field for the one-time password and the URL zid.univie.ac.at/en/vpn/mfa/. This leads to more information and explains how to set up MFA in just a few steps.
Special protection for sensitive data
Important IT services of the University of Vienna can only be accessed externally via VPN. In addition to the online storage space, these include the share service, the u:phone telephony service, certain services of the administration or IT applications of individual faculties, centres and institutes. It is important to secure this sensitive data in particular, says Ronald Maier, Vice Rector for Digitalisation and Knowledge Transfer at the University of Vienna: “In view of the increasing attacks on the IT infrastructures of companies and institutions, the security and integrity of our data are an indispensable element of prudent digitalisation.”
Learn more:
- about MFA, the authentication apps and their alternatives on the ZID service page on multi-factor authentication
- about MFA for VPN on the VPN service page
- in the user guides
- in the IT News article Multi-Faktor-Authentifizierung: Doppelt hält besser (Multi-factor authentication: Better safe than sorry, in German)
![[Translate to Englisch:] Illustration verpflichtendes MFA für VPN](/fileadmin/user_upload/d_zid/open/it-news/2023/mfa-verpflichtend.png)