Two-Factor Authentication (2FA)

Two-Factor Authentication: What’s it About?

A second factor is very useful to protect your account against password theft. If your password gets cracked or found because you reused it in a powned service, a second authentication factor will protect you against hackers.

With Two-Factor Authentication, you have a second factor that proves that you are you. It could be a hardware token or an app on your phone – this proves that you not only can memorize the password (the first factor), but also have your mobile phone with you (the second factor).

In practice: first you open your browser and login with your username and password. Then you get asked for your second factor, e.g. a TOTP app. You open the app on your phone, and a time-based one-time password (TOTP) shows. Finally, you enter it – and you’re logged in.

If an attacker wants to hack your account, they would have to do the same. So stealing your password isn’t enough anymore – they also need to steal your phone. This is way harder, and your account is more secure.

Setup Your Second Authentication Factor

To enable it for your account, you need a second factor. You can use an application like the Google Authenticator or a similar application. If you’re not using any 2FA application and would like to use the Google Authenticator you can find it here: Android / iOS

Now login to your polybox account in the browser. For the next steps, be careful that you don’t log out again before you’re sure that it works. You don’t want to get locked out of your account accidentally, right?

(If you got locked out of 2FA even though we warned you, please open a ticket at servicedesk@id.ethz.ch and we will disable the 2FA for you.)

To get started, go to Personal Security Settings. Click on the “Activate TOTP” checkbox – a QR code appears.

Scan the QR code with your 2FA application on your phone to enable your phone as second factor.

Scan the QR Code with the 2FA app on your phone. Then you can generate an authentication code with your 2FA application and enter it into the web interface. When you click “Verify”, you enable Two-Factor Authentication for your account.

Remember: From now on you will need to use 2FA until you deactivate it here. Be sure to have your 2FA application working on your phone before closing or signing off on the web client. In case you get locked out of your account, please open a ticket at servicedesk@id.ethz.ch.

Support

The ITS Service Desk is available for assistance

Recent Posts