Data protection information MFA
Multi-factor authentication (MFA) is a security procedure that protects access to a system or account by requiring multiple authentication methods. Unlike traditional authentication, which only requires a username and password, MFA adds at least one additional layer of security.
This security layer can be a physical device, such as a smartphone or a security key, which the user must possess in order to authenticate. Authentication then means confirming the login or entering a numerical code using one of the authentication methods listed below (e.g., an app).
By combining multiple factors, in this case the password and the code from the chosen authentication method, security is increased, since an attacker would have to compromise not just one factor but several at once.
Multi-factor authentication therefore improves the security of user accounts, systems and sensitive information, and protects against unauthorized access even if one authentication factor is compromised.
The MFA solution is based on Microsoft Entra MFA in combination with federated login. When using Microsoft Entra MFA, you log in with your personal Microsoft account. Information about your Microsoft account can be found at Microsoft 365: https://www.hilfe.uni-passau.de/m365
Users have the option to choose which additional security factors they want to use for login. These factors are managed independently by the user via the Microsoft user portal.
- Phone (SMS): A unique code will be sent to your mobile number via SMS.
- Telephone (call): This option is only available to students. You will receive an automated call to confirm your registration.
  - Low barrier, suitable for people with visual impairments.
- Microsoft Authenticator App: Push notification or code entry via the app.
- FIDO2 security key: Hardware-based authentication via, for example, a USB device.
  - Accessible and suitable for people with visual impairments.
  - Particularly data-efficient.
- TOTP token: Time-based one-time passwords via apps.
  - Low barrier, suitable for people with visual impairments.
- Windows Hello for Business: Available for company Windows PCs. Biometric login (e.g., facial recognition or fingerprint) or PIN stored locally on the device. Login is password-free and meets high security and data protection standards.
  - Accessible and suitable for people with visual impairments.
  - Particularly data-efficient (especially PIN).
- Third-party authentication apps: e.g., Google Authenticator, Authy, or similar.
Which of these factors you use is your choice; however, at least one second factor is required to access protected services.
The MFA methods are stored in your Microsoft account, which results in personal data being linked to you. In addition to the data processing that occurs when you log in to your Microsoft account (see Microsoft 365), the specific factor used for MFA is also stored.
Furthermore, the following data is processed, depending on the MFA method used.
- FIDO2 (minimal data): No personal data. Only the public key and metadata (e.g., manufacturer, model) of the authenticator used are transmitted.
- Windows Hello for Business: Locally stored biometric data or PIN; no transfer to Microsoft.
- TOTP (e.g., authenticator app): A secret key is exchanged once when setting up TOTP. No further data transfer during use; codes are generated locally.
- Microsoft Authenticator (push): IP address and device information are transmitted to Microsoft.
- Telephone (SMS/call): The telephone number is processed and transmitted to telecommunications providers.
- Third-party apps (e.g., Google Authenticator): Local, but dependent on the provider – observe the respective privacy policies.
The MFA data (e.g. telephone numbers) are used exclusively for authentication purposes and processed in accordance with applicable data protection laws.
- Passwords will not be shared with third parties.
- No profiling or use for other purposes.
- Data is stored exclusively within the EU or in accordance with the GDPR (DSGVO).
The introduction of multi-factor authentication (MFA) is based on Article 6 Paragraph 1 Letter c GDPR (DSGVO) in conjunction with Article 43 Paragraph 1 BayDiG. This obligation is further specified in Article 42 Paragraph 1 Number 3 BayDiG in conjunction with the guidelines of the Bavarian State Office for Information Security (LSI).
You have the right to:
- Information about the data stored about you.
- Correction of inaccurate data.
- Deletion or restriction of processing, provided there are no legal retention obligations.
- Objection to the processing of your data within the scope of the MFA.
