Návody FIT
Jdi na navigaci

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is an effective way to protect your university account and data from unauthorized access. Unlike classic password-only login, MFA requires the combination of at least two independent factors.

This significantly reduces the risk of account misuse – for example, through phishing, malware, or password leaks. A second factor is usually required when signing in from a new device or after a longer period of inactivity.

Varování:

Starting from 1. 11. 2025, MFA will be mandatory for all CTU users (students, employees, partners, and alumni). It is recommended to set up at least two methods to ensure you always have a backup option for logging in. MFA applies to all CTU systems and also to some FIT systems that use CTU login.

Setup

  • Microsoft Authenticator – the recommended default method. The mobile app approves sign-ins using a verification code and allows to set up passwordless login.
  • TOTP – apps like KeePassXC/Google Authenticator that generate one-time codes.
  • Windows Hello – passwordless sign-in using biometric data (e.g., fingerprint or facial recognition) or a PIN code.
  • FIDO2 keychain – connection via USB/NFC, verification by PIN or fingerprint.

Usage scenarios

Known issues

  • Application Mozilla Thunderbid does not support keychain login. You need to use mobile application or TOTP.
  • If TOTP and keychain are set up, keychain login is always prompted first and this order cannot be changed. The user must abort keychain login and select another method if they prefer. Follow the manual here.

Support and MFA Reset

If you cannot sign in, lost your phone/security key, or need to reset MFA, please contact the faculty Helpdesk.