Q: Is multi-factor authentication (MFA) mandatory for access to FBK services?
A: Yes.
Q: Will I have to enter an additional security code every time I log into my PC?
A: No, access to the PC, centrally managed or self-managed, is not subject to MFA.
Q: When will I need to enter a second authentication factor?
A: At least once a month, as required by the new security regulations. When you connect to our services - for example my.fbk.eu, e-mail, GitLab - you will be asked, in addition to the password, for a second authentication factor, which will be a code (OTP) generated by an app on a smartphone or PC.
Q: Will this happen every time I access the services?
A: No, only when something changes, such as your browser, PC, phone, or the place you connect from. If nothing changes, the request will occur about once a month.
Q: If I use a program to read mail instead of the browser, do I still have to use the MFA?
A: Mail programs must be compatible with the Modern authentication standard (also known as OAuth2). However, for security reasons we recommend that you use a browser.
Q: Why do you recommend a browser to access FBK services?
A: For several reasons, related to security and usability. We mention a couple, but there are others. Using a browser avoids saving mail on your PC, where it would be easily recoverable in case of theft or loss; it also lets you access all Google services from a single window - mail, chat, group chat, Meet - which are the standard communication tools in FBK.
Q: If I use an App on my phone, for example GMAIL, do I have to use the MFA?
A: Yes, the same rules as for the browser apply.
Q: Will the MFA also be active on Microsoft applications such as Teams, Office and OneNote?
A: Yes, both when used via the web and when used on a PC, phone or tablet.
Q: Which technology do you use to implement the MFA?
A: We considered different technologies and different suppliers. The solution with the best quality-price ratio was Microsoft's, which is entirely cloud-based. FBK Google services also use Microsoft MFA authentication. You can find more information at this link.
Q: Will I have to install an app to generate MFA codes on my phone? Which? Is it safe?
A: The simplest solution is to install Microsoft Authenticator on a mobile phone or tablet. Among other things, this means you do not have to copy the OTP code by hand and can simply press an authorization button. The app is safe and compliant with the GDPR.
Q: Can I use an App other than Microsoft Authenticator?
A: Sure, but in this case it will not be possible to authorize by pressing a button, and you will need to copy the OTP code. Another recommended app is Google Authenticator. There are also open-source apps.
Q: I don't want to install any apps on my phone. How do I log in?
A: You can use an application that generates OTP codes on a PC (Windows, macOS, Linux) or a browser plugin.
Q: Can I receive an SMS on my mobile phone?
A: No, the SMS option has been disabled for security reasons.
Q: Can I get a call on my phone?
A: No, the phone call option is being discontinued by Microsoft.
Q: On the SSH gateway (jump.fbk.eu) will anything change?
A: No, because authentication takes place via keys.
Q: Will I still have to change my password every six months?
A: No, the biannual password change will be disabled from 15/10/24.
Q: I have already activated the MFA on Google, what should I do?
A: Nothing on your Google account. The MFA will be managed on the Microsoft cloud. Having or not having MFA activated on your Google account is irrelevant.
Q: Do I have to do something to activate the MFA?
A: No, you have to wait for it to be prompted by the FBK authentication systems.
Q: I have a hard time remembering all my passwords. What can I do?
A: You can use a password manager. We recommend Bitwarden. You can use the one managed by FBK (bitwarden.fbk.eu) or the free standard service (bitwarden.com). In both cases, the credentials are encrypted on the client side and therefore secure.
Q: When was the MFA activated?
A: MFA has been active since 19/09/22.
Q: I would like to know more, can you help me?
A: On FBK Academy there is a dedicated course on authentication, in the IT Webinars container by the Digital Solutions and IT Infrastructure Service.
Q: Should I include other OTP generation methods besides Microsoft Authenticator?
A: Yes, we recommend that you have at least two that use separate tools, for example an app on your phone and an app on the computer. That way, if for some reason you don't have access to the phone, you can still generate an OTP code.
Q: What happens if I lose access to all my OTP generation methods?
A: In this case you must contact us at [email protected] or call 111.
Q: Can I configure my MFA authentication methods when I'm not in FBK?
A: Yes, the configuration must be done when connecting for the first time, immediately after the password change. Until the MFA configuration is complete, you cannot access the FBK services.
Q: When I receive an MFA approval request on one of my authentication systems (MS Authenticator, other authentication apps, phone) what should I do?
A: If you generated the request yourself, you must of course approve it. If you did not, or if you are not sure about the request, please DO NOT APPROVE, CALL SUPPORT AND IMMEDIATELY CHANGE YOUR PASSWORD. It could be someone who has discovered your password and is trying to steal your identity.
Q: What are the different possible OTP generation systems?
A: Microsoft Authenticator, Google Authenticator and other authentication applications. Email, SMS and phone call cannot be used as OTP generation systems.
Q: I need more clarification and/or support on MFA.
A: If you have any other questions on these topics or if you need support, you can write to [email protected] or call 111.