Main Content

Two-Factor Authentication

The Two-Factor Authentication service (2FA service) of the Philipps-Universität Marburg provides a modern, centralized, and secure authentication process for the university's applications. It effectively enhances the security of the provided IT infrastructure and the data stored within it.

To log in using 2FA, a second, independent security key (token) is required in addition to your password. The University of Marburg utilizes various alternative tokens:

• App Token: a smartphone app generates a time-based 6- or 8-digit security code.
• YubiKey Token: a hardware security key generates security codes at the touch of a button.
• TAN Token: a printed list of security codes; this method is not recommended and its usability will be restricted in the future.

When logging into a 2FA-secured IT service, the additional security code must either be entered into a separate form field or – if the application does not support this – immediately after your password into the standard password field.

You can manage your 2FA tokens yourself in the 2FA Portal: After logging in with an active token, you can set up additional app tokens and disable existing ones (e.g., if lost). We strongly recommend setting up an additional, safely stored backup token so that you remain able to act if you lose your smartphone.

For security reasons, tokens sent by mail cannot be used immediately; they must first be activated in the 2FA Portal before their first use.

Information on Frequently Asked Questions from Practice

• Where do I activate the token received by mail? Proceed to the 2FA Portal
• First-semester student and don't have a token yet? Proceed to the 2FA Portal
• Exam registration in Marvin and token is missing? Proceed to the Application Form
• Employed at the university and don't have a token yet? Proceed to the Application Form
• Report a lost token? Proceed to the Application Form
• Create and manage TAN or app tokens yourself? Proceed to the 2FA Portal

Target Group

Staff, students, guests

Prerequisites

• Central user account (University Account)
• A functional token (TAN token, app token, YubiKey token).
  Staff members will receive their token (YubiKey) automatically once their data is reported by the Human Resources department.
  Students create their first token in the same way as their account activation: Issuance of the initial token (Students).
  Guests, partners, and external service providers can request their token via the Application for issuance of a token for Two-Factor Authentication.

Forms

• Application for issuance of a token for Two-Factor Authentication
• Report regarding the current status of a token

Guides

• App Token
• YubiKey Token
• TAN Token

• Inhalt ausklappen Inhalt einklappen Support and Help

  If you encounter any authentication problems, please refer to the Two-Factor Authentication FAQ or contact the IT Service Desk (Lahnberge), which can also be reached by email at 2fa@hrz.uni-marburg.de. Please include your username/account and the specific subject in your inquiries.

• Inhalt ausklappen Inhalt einklappen Related Services

  • Central User Account (University Account)
  • Shibboleth (Web Login)

• Inhalt ausklappen Inhalt einklappen Useful Information

  What is "Authentisierung" vs "Authentifizierung"?

  In German IT terminology, Authentisierung (provenance) refers to an entity claiming specific properties about its identity for subsequent verification. Authentifizierung (authentication) is the actual verification of those claimed properties to ensure the entity's authenticity. In English, this conceptual distinction does not exist as separate words; therefore, Authentication can refer to either or both processes depending on the context.

  Software and System Design

  The Two-Factor Authentication service of the Philipps-Universität Marburg is based on the open-source software PrivacyIDEA. PrivacyIDEA provides an extensive feature set, is flexibly expandable, and allows seamless integration into the university computer center's existing and constantly evolving IT infrastructure. To guarantee high performance, high availability, and optimal maintainability, PrivacyIDEA runs redundantly and scales horizontally within a cluster environment utilizing multiple PrivacyIDEA workers.