The growing number of online fraud attempts has made it necessary to implement more secure login procedures for some of the University's systems and services. For instance, in the summer of 2023, a hacker attack was carried out against the University leading to information from two different systems being shared on the internet.

Code via mobile app

The multi-factor authentication being introduced now requires users to provide at least two different forms of identification to log into IT systems. This is known as two-step verification, where users must follow an extra step beyond merely their password to confirm their identity.

“This is a security-enhancing measure. For systems handling sensitive personal data or protected information, it is a requirement to have higher levels of security when logging in than just a password,” explains Per-Olof Andersson, Head of Unit at the University's IT Services. “But it's a good idea to use multi-factor authentication on as many services as possible. Usernames and passwords often end up in the wrong hands through methods like phishing. With multi-factor authentication, these credentials alone are not sufficient to log in.”

For the majority of staff, the extra login step beyond the password will entail a one-time code generated by a mobile app. Those without a work mobile phone will need to install the application on their personal mobile phones. A couple of alternatives to this one-time code are also available.

Will be required by more and more systems

The implementation of multi-factor authentication has been expedited, in part due to the hacker attack in the summer of 2023. Multi-factor authentication has already been introduced for some systems, such as Vesta (research data storage) and Sesam (permit card administration).

“During the autumn of 2023, more systems will activate this protection. The respective system administrators or equivalent will inform users before activating multi-factor authentication for each system.”

Work is currently underway to implement multi-factor authentication for systems like Akka (staff catalogue) and Klara (chemical management system), as well as the new meeting platforms that will replace the existing ones on the Staff Portal. The timing and order of activation have not yet been finalised.

The possibility of implementing multi-factor authentication for email programs is under consideration, but at present there are no plans for multi-factor authentication for computer logins; this may be considered in the future.

Get started right away

To start using multi-factor authentication, you need to enable it via account management in the staff catalogue, Akka. The easiest way to do this is by following the instructions for multi-factor authentication on the Staff Portal.

What happens if an employee doesn’t activate multi-factor authentication themselves?

“Nothing will happen at the moment, but when an employee needs to access a system requiring multi-factor authentication, they will not be able to log in until they activate it.”