Q: will multi-factor authentication (MFA) be mandatory for access to FBK services?
A: yes, it will be mandatory.
Q: will I have to enter an additional security code every time I log into my PC?
A: no, at this stage, access to the PC, centrally managed or self-managed, will not be subject to MFA.
Q: when will I need to enter a second authentication factor?
A: when you are not physically in the FBK buildings and you connect to our services - for example my.fbk.eu, e-mail, GitLab - you will be asked, in addition to the password, for a second authentication factor which may be a code generated by an app on the phone (OTP) or communicated by phone.
Q: this every time I access the services?
A: no, only whenever you change something, such as your browser, PC, phone, where you connect from, etc. If nothing changes, the request will occur about once a month.
Q: if I use a program to read mail instead of the browser, do I still have to use the MFA?
A: sure, most of the programs are compatible with this standard. However, for security reasons we recommend that you use a browser.
Q: why do you recommend a browser to access FBK services?
A: for several reasons, security and usability. We mention a couple but there are others. Use a browser: avoid saving mails on your PC which, in case of theft or loss, would be easily recoverable; allows you to access all Google services from a single window - mail, chat, group chat, Meet - which are the standard communication tools in FBK.
Q: if I use an App on my phone, for example GMAIL, do I have to use the MFA?
A: yes, with the same browser rules.
Q: will the MFA also be active on Microsoft applications such as Teams, Office and OneNote?
A: yes, both used via the web and on a PC, phone or tablet.
Q: what technology do you use to implement the MFA?
A: we have considered different technologies and different suppliers. The solution with the best quality/price ratio was that of Microsoft, completely cloud. When we activate it, Google services will also use Microsoft authentication. You can find more information at this link.
Q: will I have to install an app to generate MFA codes on my phone? Which? Is it safe?
A: the simplest solution is to install Microsoft Authenticator on a mobile phone or tablet. This allows, among other things, not to have to copy the OTP code by hand but to simply press an authorization button. The app is safe and compliant with the GDPR.
Q: can I use an App other than Microsoft Authenticator?
A: sure, but in this case it will not be possible to authorize by pressing a button and it will be necessary to copy the OTP code. Other recommended apps are Google Authenticator or Authy. There are also Open Source Apps.
Q: I don't want to install any apps on my phone. How do I log in?
A: you can use a PC application (Windows, MacOS, Linux), such as Authy.
Q: I don't want to install an application on my PC, what can I do?
A: you can have an auto attendant call you on the phone.
Q: can I have an SMS sent to my mobile phone?
A: no, the SMS option has been disabled for security reasons.
Q: I already use MFA on Pulse VPN. Will I have to change anything?
A: no, on Pulse/Ivanti you will continue to use the already activated MFA.
Q: on the SSH gateway (jump.fbk.eu) will anything change?
A: no, because authentication takes place via keys.
Q: will I still have to change my password every six months?
A: yes, for safety reasons and because it is a legal requirement.
Q: how will I change the password on a centrally managed PC?
A: as before: CTRL-ALT-DEL and then Change password.
Q: how do I change the password on a self-managed PC?
A: we have already activated the new password change mode at the following link.
Q: I have already activated the MFA on Google, what should I do?
A: nothing on your Google account. The MFA will be managed on the Microsoft cloud. Having or not having MFA activated on your Google account is irrelevant.
Q: do I have to do something to activate the MFA?
A: no, you have to wait for it to be prompted by the FBK authentication systems.
Q: I have a hard time remembering all my passwords. How can I do?
A: you can use a password manager. We recommend BitWarden. You can use the one managed by FBK (bitwarden.fbk.eu) or the free standard service (bitwarden.com). In both cases, the credentials are encrypted on the client side and therefore secure.
Q: when will the MFA be activated?
A: we will activate the MFA on the morning of September 19th.
Q: I would like to know more, can you help me?
A: starting from September 5th we will offer seminars on the subject with question and answer sessions.
Q: should I include other OTP generation methods besides Microsoft Authenticator?
A: yes, we recommend that you have at least two that use separate tools, for example an app on your phone and an app on the computer. That way, if for some reason you don't have access to the phone, you can still receive an OTP code.
Q: what happens if I lose access to all my OTP generation methods?
A: in this case you must contact us at help-it@fbk.eu.
Q: in the previous emails you have recommended a software to generate OTPs compatible with Windows, Linux, MacOS, iOS, and Android, called Authy. Where can I find it?
A: you can find it at https://authy.com/download/.
Q: can I configure my OTP generation methods when I'm not in FBK?
A: no, for security reasons the configuration must take place from the FBK networks. If for some reason you are never connected to our networks write us at help-it@fbk.eu.
Q: when I receive an MFA approval request on one of my authentication systems (MS Authenticator, other authentication apps, phone) what should I do?
A: if it was you to generate the request you must obviously approve. If it was not you or if you are not sure about the request, please DO NOT APPROVE, CALL THE SUPPORT AND IMMEDIATELY CHANGE YOUR PASSWORD. It could be someone who has discovered your password and is trying to steal your identity.
Q: what are the different possible OTP generation systems?
A: There are three possible systems: Microsoft Authenticator, other authentication applications, telephone (home and office). Email and SMS cannot be used as OTP generation systems.
Q: I need more clarification and / or support on MFA
A: if you have any other questions on these topics or if you need support you can write to help-it@fbk.eu.