The distribution of IT systems on different sites and smart working increase the risks associated with the availability and privacy of data exponentially.
Center for Cybersecurity and IT Infrastructure Service are working on a two-year project to improve IT security in FBK, focusing primarily on the recognition of user identity, introducing the MFA for access to the Foundation's services.
Multi Factor Authentication (MFA) is a technology that allows you to recognize, through multiple authentication methods, the person who accesses a system or application.
It has been adopted by the Italian government (SPID), banks, Google, Microsoft, etc.
The user's identity is important, because it is the first cause of compromise.
- Identity theft can lead to various risks:
- information theft
- violation of privacy
internal escalation towards data and systems
When you are not physically in the FBK buildings and connect to FBK services - my.fbk.eu, e-mail, etc. - you will be asked for a second authentication factor which can be a code generated by an app on the phone or sent via email.
As of September 19, 2022, the MFA authentication method has been implemented for all Foundation users.
From that date, when you are not physically in the FBK buildings and you connect to our services - for example my.fbk.eu, e-mail, GitLab - a second authentication factor is required, in addition to the password, which can be a code generated by an app on the phone (OTP), sent by email or communicated by phone.
Warning: this will not be requested at every access, but only if you access the services from another device or if something has changed on it. Otherwise, the OTP will be requested approximately once a month.
It is already possible to set it independently by accessing the portal https://myaccount.microsoft.com/ with your credentials.
At this link the user guide for the Multi Factor Authentication configuration is available.