back

Secure together: Introduction of mandatory two-factor authentication (2FA) at TU Darmstadt

Activate 2FA for your TU ID now before the end of 2025/2026

2025/09/15

TU Darmstadt protects your data and our digital infrastructure. By the end of 2025, 2FA will be mandatory for all externally accessible systems. Learn how easy it is to secure your TU ID and why the additional factor greatly enhances your protection.

Protecting the personal data of all TU member and the university’s digital infrastructure is a top priority at TU Darmstadt. For this reason, two-factor authentication (2FA) will become mandatory for all systems accessible via the internet by the end of 2025. This measure is a requirement of the central information security department at TU Darmstadt (InfoSec) , and complies with the requirements of the Hessischer Beauftragter für Datenschutz und Informationsfreiheit (HBDI, i.e. the Commissioner for Data Protection and Freedom of Information of Hesse) and the University Council. The University Computing Centre (HRZ) is implementing the measure in collaboration with InfoSec.

The objective is to ensure that all TU Darmstadt services accessible via the internet are protected with 2FA. Initially, there will be a few justified exceptions, such as access to email systems. In principle, services without direct 2FA support will be secured through VPN access or other security measures.

All members of TU Darmstadt are therefore required to set up two-factor authentication for their central university accounts (TU ID). The setup is straightforward and plays a key role in safeguarding both your data and the university’s digital infrastructure against cyberattacks.

Two-factor authentication (also known as multi-factor authentication, MFA) requires two separate and independent components (‘factors’) to verify your identity when accessing a system or service.

Examples of factors:

  • Knowledge: Password or PIN
  • Possession: Security token, smartphone app or chip card
  • Being: Biometric features such as fingerprint or facial recognition
  • Location: Current location (e.g. based on IP addresses)

Common scenarios include bank cards with PINs at ATMs or the use of passphrases and transaction numbers (TANs) for online banking.

Passwords alone are no longer sufficient in today’s threat landscape. Even the strongest password can be compromised through phishing, data leaks or brute force attacks. Adding a second factor significantly enhances security: even if someone obtains your password, they will still require an additional factor – such as your smartphone or fingerprint.

By activating 2FA for the TU ID, all central services of TU Darmstadt that use the university’s central single sign-on (SSO) will be protected. This protects all services connected via TU Darmstadt's central single sign-on (SSO).

Instructions and recommendations for setting up and using 2FA are available on our website: Click here for the instructions

Stay up to date: 2FA information page

Instructions and recommendations for setup and use: Instructions page

Questions or need support: HRZ IT Support

We kindly ask you to familiarise yourself with the setup process as soon as possible and not to delay until the end of the transition period. If you have any questions or need assistance, the HRZ Service will be happy to help.

Notes

For decentralised IT administrators

Decentralised services are generally protected through a connection to the central SSO. If you operate your own authentication mechanisms, it is your responsibility to enable 2FA for the respective system. As a rule, connecting to the central SSO is the recommended approach.

Access to systems not secured with 2FA may only be granted via VPN. From the end of the year, 2FA will also be mandatory for VPN access.

For HRZ-managed PCs

For employees with managed computers, a second token that is independent of the computer is mandatory in order to continue logging in via ‘VPN before log-in’ and to retain access even in the event of device loss or replacement. Recommendations on the available tokens can also be found on the instruction website.