Multi-factor authentication
When it comes to IT security, the login procedure for IT services plays a key role in protecting against data theft and security attacks. The current login to JMU IT services, which is based on the classic combination of login name and password, no longer offers sufficient protection in times of cybercrime.
For this reason, multi-factor authentication (MFA) is gradually being introduced at JMU. Shibboleth/WueLogin will be the first procedure to be converted to MFA.
In addition to your login name and password, MFA requires authentication via an additional security factor that you have previously set up.
Notes
The Microsoft Authenticator app is the security factor we recommend. The app is easy to use and works reliably. The app can be used on business and private smartphones. To log in to IT services, you need your smartphone, which everyone now has with them. The same applies to apps with TOTP procedures.
YubiKey security key: if you are unable to use an MFA app on your smartphone, you can set up the YubiKey as a security factor. Bear in mind that you must then always have the YubiKey with you to log in to IT services. If you use the YubiKey as the only security factor, you will need a temporary access pass to set it up, which must be issued for you by IT support.
To have two different security factors, you can register a YubiKey in addition to the Authenticator app (or app with TOTP procedure). Please set up the app first and only then the YubiKey. In the reverse case (i.e. YubiKey first and then app), you will need a temporary access pass, which must be issued for you by IT support.
Alternatively, you can install the Authenticator app (or app with TOTP procedure) on another mobile device such as a tablet or second smartphone.
Temporary Access Pass (TAP, Passcode)
A temporary access pass (TAP, passcode) is a code that you only need to set up the YubiKey - and only if you are setting up the YubiKey as the only or first security method and are not using an authenticator app.
If you also set up an Authenticator app in addition to the YubiKey, set up the app first and then the YubiKey. You do not need a TAP to set up the app; you can then set up the YubiKey as an additional security factor using the app.
If required, the TAP will be issued for you personally by IT Support and sent to your office by internal mail. Alternatively, you can collect it in person from IT Support (please bring your ID with you).
Translated with DeepL.com (free version)