Passkey (MFA solution for web applications)
Information about Passkey
Online services and applications can store a lot of personal data, so they need the most secure form of authentication possible. This ensures that only an authorized person has access to an account and the associated functions. In the past, personal access data consisted only of a login name in combination with a password, but nowadays there are many other secure options for logging into an online account.
This is why the University of Bamberg is introducing Passkey. Passkey is a method of password-free authentication that is designed to offer more security and convenience than conventional passwords. This method can be used alone or as a so-called second factor.
This works as follows: If you want to access an online service of the university with your user account, you must first confirm that this is actually your user account. At the moment, the BA number and the corresponding password are used for this.
You set up a passkey once, with just a few clicks, in the security settings of a website. From then on, to log in you simply select your user account and confirm the login, for example with your fingerprint or a face scan. The other security-related calculations run in the background and are not visible to you as a user.
Set up passkey
Manage passkey
Passkeys are managed via the IAM-Portal (iam.uni-bamberg.de). You can deactivate or delete your passkeys under the Manage passkeys menu item. Please note that the corresponding passkey must be deleted immediately if the device is lost or stolen.
FAQ
BSI (Federal Office for Information Security)
In general, the BSI (Federal Office for Information Security) recommends so-called multi-factor authentication (two-factor authentication). In addition to the password, this two-step process also requires, for example, a code (sent to another device in your possession), a fingerprint scan or a USB token for identification purposes. It is important to find out about the possible use of multi-factor authentication before using an application, service or device. It increases the level of security many times over.
Technical background of the FIDO Alliance
The FIDO Alliance is behind Passkey. FIDO is an abbreviation and stands for Fast Identity Online. The alliance establishes industry standards that are to be used by all participants. One such development is Passkey, an open and manufacturer-independent option for user authentication that was created by both industry and the state. Passkey represents the standard that manufacturers and providers can now incorporate into their products. The FIDO Alliance includes numerous international tech companies and, since 2015, the BSI.
Why does a separate passkey have to be rolled out for each device?
The passkey offers a high level of protection against currently known phishing methods. One reason for this is that users can no longer accidentally pass on their access information, passkeys do not work on phishing websites and, ideally, weak passwords are no longer used at all. The client checks whether the website or web service really is the one it claims to be, both during registration and at each subsequent login attempt. In this way, a passkey can only be used for the correct access for which it was generated.
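The following added example (not code from the university or the FIDO Alliance) shows the server-side counterpart of the site check described above: in the WebAuthn standard behind passkeys, the browser records the origin it is really on in `clientDataJSON`, and the authenticator puts a SHA-256 hash of the site's ID at the start of `authenticatorData`. The host names, the function names and the sample data are assumptions constructed for illustration, and a real server must additionally verify the passkey's signature over these fields.

```python
import base64
import hashlib
import hmac
import json

# Assumed placeholder values, not taken from the page.
RP_ID = "login.example.edu"
EXPECTED_ORIGIN = "https://login.example.edu"


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_site_binding(client_data_json, authenticator_data, expected_challenge):
    """Return the reasons to reject a login response; an empty list means pass."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client_data, dict):
        return ["clientDataJSON is not a JSON object"]
    problems = []
    if client_data.get("type") != "webauthn.get":
        problems.append("wrong ceremony type")
    sent = str(client_data.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(expected_challenge).encode()):
        problems.append("challenge mismatch")
    # The browser, not the page's script, writes the origin it is really on.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")
    # authenticatorData = SHA-256(rpId) (32) + flags (1) + signCount (4) + ...
    if len(authenticator_data) < 37:
        problems.append("authenticatorData too short")
    elif not hmac.compare_digest(authenticator_data[:32],
                                 hashlib.sha256(RP_ID.encode()).digest()):
        problems.append("rpIdHash mismatch")
    return problems


def constructed_response(origin, rp_id, challenge):
    """Constructed sample: the two fields a browser on `origin` would return."""
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags_and_counter = b"\x05" + (7).to_bytes(4, "big")  # UP|UV set, counter 7
    return client_data_json, hashlib.sha256(rp_id.encode()).digest() + flags_and_counter


if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed; a real server uses fresh random bytes
    for site in ("login.example.edu", "login.example.net"):
        print(site, check_site_binding(*constructed_response("https://" + site, site, challenge), challenge))
```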
Error message: Without confirmation
If the pop-up window does not allow confirmation during the “Roll out passkey” step, the error message below appears and the passkey must be reconfigured.

Complete passkey deactivation
You can deactivate or delete your passkeys in the IAM-Portal under the Manage passkeys menu item.

Error message: Passkey does not work
If you receive an error message when validating the passkey, please open the window again and log in with the passkey. If this is not successful, please restart the web browser. If this is also unsuccessful, please use the Codematrix login.


Information about Codematrix
Codematrix is a separate type of authentication for web applications through Shibboleth. It is available to everyone as an emergency authentication method or for when the passkey login needs to be set up.
Information about MFA
Multi-factor authentication (MFA) is an identity verification method that requires users to provide at least one authentication factor in addition to a password or at least two authentication factors (2FA) instead of a password.