The distribution of IT systems across different sites, together with smart working, greatly increases the risks to the availability and privacy of data.
The Center for Cybersecurity and the Digital Solutions and IT Infrastructure Service worked on a two-year project to improve IT security at FBK, focusing primarily on verifying user identity by introducing MFA for access to the Foundation's services.
Multi-Factor Authentication (MFA) is a technology that verifies, through several independent authentication methods, the identity of the person accessing a system or application.
The user's identity matters because a stolen identity is the most common starting point of a compromise.
Identity theft can lead to various risks:
- information theft
- violation of privacy
- internal escalation towards data and systems
Since September 19th 2022, the MFA authentication method has been in place for all Foundation users.
From that date, when you connect to our services (for example my.fbk.eu, e-mail, GitLab) a second authentication factor is required in addition to the password: a code (OTP, One Time Password) generated by an app installed on the phone (for example Microsoft or Windows Authenticator) or by a similar program on the PC.
The code is not requested at every access, but only when you access the services from a different device or when something about the device has changed (for example, switching between Wi-Fi networks or to the smartphone's mobile connection). Otherwise, the OTP is requested approximately once a month.
Attention: recent social engineering attacks (a cyber-attack technique based on studying people's behaviour in order to manipulate them and steal confidential information) have highlighted the need to strengthen security further. Therefore, together with the Center for Cybersecurity, we concluded that it is necessary to request MFA also within the FBK buildings (still with a frequency of about 30 days) and to disable authentication via phone number.
Setting up MFA on your own is easy: after installing an OTP generator, log in to the portal https://myaccount.microsoft.com/ with your credentials. For new users the procedure is guided; users who have already set up authentication methods must log in at the same link with their credentials, open the Security Information section and add App Authenticator among the login methods.
We suggest configuring two authentication methods on two different devices, so that in case of theft, loss or replacement of one of them, access to FBK services is still possible.
Configuration user guide
Attention! From 15/10:
- introduction of MFA requests also within the FBK buildings
- disabling of MFA authentication via phone number