Multi-Factor Authentication
MUNI Unified Login offers not only password-based authentication, but also more secure authentication through Multi-Factor Authentication (MFA). This feature makes it more difficult for potential attackers to misuse your account, because once activated, you will need to use an additional verification method, such as using biometrics, in addition to your password. In practice, this means that each time you log in from a new device, you must have your registered device at hand to enter the authentication code or confirm the use of a security key.
If you want to set up Multi-Factor Authentication in MUNI Unified Login, read the introductory information on this page and follow the individual guides linked below. You can also read a detailed introduction to Multi-Factor Authentication and phishing.
The Multi-Factor Authentication described on this page only applies to services that use Unified MUNI Login. To enable Multi-Factor Authentication for login to the MU Information System, you must enable it directly in the Information System by following this guide.
How to Set Up Multi-Factor Authentication
1
Set up verification codes authentication.
At Masaryk University, the first neccessary step is to set up the TOTP verification codes authentication method. This process involves downloading an application that supports TOTP codes.
As part of the TOTP activation, the following step is also to generate backup codes. These are used in case of loss of access to the authentication device, e.g. in case of a malfunction or loss of the phone. We strongly recommend that you save or print the backup codes securely, otherwise you may lose access to your account.
2
Set up Windows Hello authentication – using fingerprint or facial recognition.
Windows Hello is a way to sign in to devices, apps and online services. It's more secure than using a password because it uses biometric authentication – you sign in with your face, fingerprint or PIN.
3
Link Windows Hello with MUNI Unified Login.
By linking Windows Hello to MUNI Unified Login you increase your account security with support for multi-factor authentication (MFA), while providing a more convenient way to log in – for example, using your face, fingerprint or PIN. This makes logging in to MUNI services faster, easier and more secure.
Note: if you have only facial recognition set up in Windows Hello, you will only be able to log in to MUNI Unified Login using this method (and TOTP codes or backup codes).
If you later add other authentication methods to Windows Hello – such as fingerprint or PIN – you will need to link Windows Hello to the MUNI Unified Login again to use the new methods. This will create a new security token that allows you to log in using all available methods set up in Windows Hello.
4
Recommended: also link your mobile phone to MUNI Unified Login
By linking your mobile phone or other device, you get a fast and secure login where you simply confirm your login directly on your device (no need to install an additional app). In addition, if one of your devices is lost or unavailable, you will still be able to log in securely and not lose access to MUNI services.
1
What is Touch ID?
Touch ID is a fingerprint recognition feature designed and developed by Apple Inc.
2
How do I set up Touch ID access?
Follow the instructions in the dedicated videoguide. The process should be the same in English.
3
How to install and set up Authenticator Jak nainstaluju a nastavím Authenticator?
Follow the instructions in the additional dedicated videoguide. The process should be the same in English.
1
Contact support.
We consider the technical knowledge of Linux users to be sufficiently advanced to implement our own solution.
It is possible to use basic TOTP settings similar to the WINDOWS manual, or use more secure approaches according to availability, which can be found for example here: passkeys.dev - Device Support.
What to Do If You Lose Your Multi-Factor Authentication Device
When Multi-Factor Authentication is first set up, backup codes are generated for cases where access to the authentication device is lost, such as in case of a malfunction or loss of a phone. In such a situation, simply enter one of the backup codes during login and register a new token in the token management interface at mfa.id.muni.cz.
If you do not have any registered device with verification codes, security keys, or backup codes available, contact IT MUNI user support. If you are unable to log in to the service support portal to report the issue, send an email to it@muni.cz with the following information: the UČO you are logging in with; the service you are logging into (web link); the time of the login issue; the error message you received; and the version of your browser and operating system.
Instructions
- How to Initially Set up Multi-Factor Authentication
- Setting up Authentication with Verification Codes (both first and additional apps or devices)
- How to Generate Back up Codes
- Adding a Security Key
- Adding Windows Hello Authentication – Fingerprint Login
- Adding Windows Hello Authentication – Facial Recognition
- Linking Windows Hello with MUNI Unified Login
- Which Authentication Methods are Best for me?
Multi-Factor Authentication Settings
Redirects you to the Token Management Interface.
Access Settings for MUNI Services
Follow the instructions linked below on this page.
If you are unable to sign in to the service support portal, send an e-mail to it@muni.cz with the following information:
- which UČO you are signing in with,
- which service you are signing in to (web link),
- time when the problem occurred,
- the error message you received,
- the version of your browser and operating system.