Main Content

FAQ - Two-Factor Authentication

I do not want to use a smartphone (Digital Detox). What options do I have?
Using two-factor authentication is also possible without a smartphone. We offer the following alternatives:
- For Staff: Use the YubiKey sent to you at the start of your contract.
- For Students & Staff: You can obtain a long-term paper token (permanent list) in person at the IT Service Desk. This remains permanently valid for all logins (Weblogin, VPN, Marvin).
- PC Software: Alternatively, you can generate TOTP codes directly on your computer using programs like KeePassXC.
What will change for self-printed TAN tokens starting Fall 2026?
Starting Fall 2026, TAN tokens created by yourself in the 2FA Portal (lists containing 12 codes) will be downgraded to pure backup tokens:
- They will then only be valid for logging into the 2FA Portal.
- Logging into other services such as VPN, Webmail, or Marvin will no longer be possible using these self-printed TANs from that point onward.
Therefore, please ensure that you have set up a primary factor (App, YubiKey, or a paper token from the Service Desk) in due time.
What should I do if I need to register for an exam in Marvin and do not have a functional token?

If you do not possess a functional token (e.g., TAN token, app token) when registering for an exam in Marvin, you can request a token via the Application for Issuance of a Token. Please note that delivery by mail, pickup, or web conference may take some time. In urgent cases, please make a corresponding note of your issue in the application form.
What should I do if I need to log into a two-factor secured service and do not have a functional token?

If you do not have a functional token available for a required authentication, you can request a token via the Application for Issuance of a Token. Please take the processing time into account and indicate urgent cases within the form.
What should I do if I am unable to log in?

First, verify (1) your username, (2) your user password, and (3) the correct usage of your TAN, app, paper, or YubiKey token. Important: On systems like the VPN, the code must often be appended directly to the password without any spaces (e.g., Password123456).

If the problem persists, please contact the IT Service Desk (Lahnberge) or send an email to 2fa@hrz.uni-marburg.de.
What should I do if I lose my TAN, app, or YubiKey token?

In the event of a loss, the token must be disabled immediately for security reasons. Disabling can be done via the 2FA Portal, the Report Regarding Current Status Form, or the IT Service Desk.
How and where do I return my YubiKey token?

Returns must be made to the IT Service Desk (Lahnberge). If returning via mail, please deactivate the key in the 2FA Portal beforehand. According to IT security guidelines, active tokens must not be sent by mail.
How and where do I obtain my second factor (token)?

Students: Can set up app tokens within the 2FA Portal. Those who do not use a smartphone can obtain a paper token in person at the IT Service Desk.

Staff: Automatically receive a YubiKey sent to their official work address. Alternatively, app tokens or paper tokens can be used.

Guests and partners can request their token via the Application for Issuance of a Token.
How can I delete tokens?

Only tokens of the type TAN Token and App Token can be deleted by yourself within the 2FA Portal. The tokens must be deactivated prior to deletion.
Where should I keep my YubiKey?

The YubiKey is work equipment (value approx. €50). It should be attached to your keychain (lanyards are available at the Uni-Shop). Please ensure it is returned at the end of your contract.
How can I transfer my app token to a new device?
1. Scan the QR code again on the new device (if available).
2. Use the export/import function of your authenticator app.
3. Or: Roll out a new app token in the 2FA Portal and delete the old token.