Two-factor authentication

The IT Solutions Centre has provided this functionality to further secure the mailboxes of the AGH employees and students. It involves setting up an additional login element for the mailbox, making it much more difficult for outsiders to hack into the mailbox, even if the password has been stolen by them. A password alone may not be a sufficient method to secure the sensitive information in your account (such as personal data, research results or bank account numbers) as hackers continue to develop new and more effective methods of stealing data. We recommend the use of two-factor authentication to all AGH e-mail, especially nowadays when digital security is extremely important.

Enabling two-factor authentication
 

You can enable two-factor authentication by logging in to your inbox via a web browser, selecting "Settings" and switching the tab to "Two-factor Authentication".

Three different methods are available:

• Mobile app
• Yubikey OTP
• Alternative e-mail address

1. To enable this authentication method, search for "TOTP authenticator" in App Store or Google Play and install one of the top free apps, such as: 2FA Authenticator, Microsoft Authenticator, Google Authenticator.

2. Press the "Enable" button next to the "Mobile App" section and enter your AGH e-mail password to confirm.

3. Scan the displayed QR code in the app you have installed. If the scan fails, enter the code displayed below manually into the app and press "Next".

4. Enter the authentication code generated by your app and press "Finish".

5. During your next log-in attempt via a web browser, you will need to enter the 6-digit code generated in the mobile app after entering your password.

1. To enable this authentication method, press the "Enable" button next to the "Yubikey OTP" section and enter your AGH e-mail password to confirm.

2. Insert your Yubikey and tap the key button.

3. You will be prompted to enter your key's name. It is especially useful if you are adding more than one key to your account, e.g. if it is an e-mail account belonging to a department or a unit and multiple employees have access to it. Confirm the name by pressing "Finish".

4. Your Yubikey has been added as a second factor for authentication. Next time you log into your mailbox via a web browser, you will need to press the Yubikey button after entering your password.

1. To set up two-factor authentication using an additional e-mail address (e.g. your private mailbox), press the "Enable" button next to the chosen method and enter your AGH e-mail password to confirm.

2.  Enter your alternative (private) e-mail address which you'd like to receive authentication codes to and press "Next".

3. A message containing an authentication code will be sent to the e-mail address you have provided during the previous step of the process. Enter the code in the designated area and press "Finish".

4. Your alternative e-mail address has been added as a second factor for authentication. Next time you log into your mailbox via a web browser, you will need to enter the 6-digit code sent to your e-mail after entering your password.

Logging in using recovery codes

If you have enabled at least one of the two-factor authentication methods, you will be able to use recovery codes which you can use to log in to your mailbox in case you do not have your second factor at hand or you have lost access to it.

1. To obtain your recovery codes, go to "Settings", switch the tab to "Two-factor Authentication" and press "Show recovery codes".

2. Save you recovery codes in a secure place.

3. To log in using a recovery code, press "Więcej opcji logowania" ("More log-in options"), choose the "Kody zapasowe" ("Recovery codes") option and enter one of your recovery codes.

1. To disable two-factor authentication, choose the "Two-factor Authentication" tab in your mailbox's settings, and press the "Disable" button in the "Two-factor authentication is on" panel.

2. Enter your password to confirm and press "Next".