What is multifactor authentication?

You probably know it from your private online banking or already from Microsoft Office 365 or Teams at UZH. When logging into an online application, you have to log in with a second factor in addition to your username and password.

Why multifactor authentication?

Protecting access to online applications and the information saved therein via user name and password alone is no longer sufficient today. The UZH is also not safe from cyber attacks. Therefore, relevant online applications with sensitive data and information are gradually secured with multifactor authentication. After Office365 and Teams, these are in particular the SAP web portals and other business-critical online applications.

How does multifactor authentication work at UZH?

You can choose between various second factors that can be used. On your mobile phone, you can use an authenticator app, receive a verification code via SMS or a phone call. You can also use a landline phone to get the verification call.

How to set up multifactor authentication?

If you already use Microsoft Office365 or Teams at UZH, you have already set up multifactor authentication for yourself and can also use it for other applications. If this is not the case, you will be supported in setting up a second factor via a guided dialog when you log on for the first time with multifactor authentication.

Notes:

• For home office use, we recommend the use of the mobile phone.
• Authenticator app (e.g. from Microsoft: Download): The app must not be deleted after registration. Multifactor authentication must be confirmed regularly. The Authenticator app must also be reconfigured after a device change.
• You can check and manage your settings for multifactor authentication here: Define the standard login method, change the login method, store additional login methods.
• Recommendation - Store an additional login method. You can also log in if the selected access is not available (e.g. if your mobile phone is defective or lost).

Detailed instructions and additional documentation from Microsoft: Link

Video "How to register for Azure Multi-Factor Authentication" from Microsoft

Video "Register and manage your security information" from Microsoft

The use of the Microsoft authenticator app is not mandatory, other methods can be used as well, e.g. sending SMS to a cell phone number. To setup the alternate method, proceed as follows:

1. After the first login with the Microsoft 365 account, a message appears that further information is required. Click "Next" to proceed to the next step.

   

2. Click on the link "I want to set up a different method".

   

3. Select "Phone" in the selection list and click "Confirm".

   

4. Enter your cell phone number and select "Text me a code" and confirm the selection by clicking "Next".

   

5. Enter the verification code that was sent via SMS to the newly added cell phone number and click "Next".

   

6. If the verification code has been successfully validated, a confirmation message appears. Proceed with "Next".

   

7. Complete the multifactor authentication setup by clicking "Done".

   

After switching to a new mobile device, the authenticator app must be reinitialized. To avoid locking yourself out, you can add an alternative/additional authentication method to your account before you lose access to your previous device.

Log in at https://mysignins.microsoft.com/ and choose "Security info":

Here you can add an (or more) additional logon method:

Choose method type "Authenticator app" and follow the subsequent steps:

As a result you can log on using your previous as well as your new device. We recommend to remove the sign-in method for your previous device as soon as you have completet switching devices.

See also video "Register and manage your security information" from Microsoft