The usage of an authenticator app on a business or private smartphone or tablet is generally recommended. If you do not have such a device, hardware tokens can be purchased at the service point "Ausleihe" in the library (Bibliotheks-Zentrale).

• TOTP setup with Authenticator APP for iOS
• TOTP setup with Authenticator APP for Android
• TOTP setup with hardware token (other than Zentralen Universitätsverwaltung)

For employees of the Zentralen Universitätsverwaltung, the use of a hardware token is mandatory for the generation of TOTPs.

• TOTP setup with hardware tokens (Zentrale Universitätsverwaltung)

The use of an authenticator app on a smartphone or tablet is generally recommended. If you do not have such a device, hardware tokens can be purchased from the service point "Ausleihe" in the library (Bibliotheks-Zentrale).

• TOTP setup with Authenticator APP for iOS
• TOTP setup with Authenticator APP for Android

If access to the administrative network or the university's GLT network is required, a hardware token must be requested via the responsible supervisor:

• TOTP setup with hardware tokens (Zentrale Universitätsverwaltung)

No, for security reasons, only one active software or hardware token can be used at a time. Activating another token via the IDM automatically deactivates the existing token.

To move software tokens, you can either use the options provided in the Authenticator APP or you can log in to IDM again and generate and activate a new software token on your new device. This new token replaces your existing token, which then loses its validity.

Only tokens generated or managed by kiz can be used for authentication on the MFA platform operated by kiz. It is not possible to import decentrally acquired tokens or tokens from third parties.

Private devices should generally not be used for business purposes. This is also taught in the online awareness courses, for example. However, there are exceptions to this general rule for reasons of practicability. For example, soft tokens may also be set up and used on private devices (usually smartphones). This does not result in a significantly higher risk, if at all. If you do not wish to use a private device for other reasons, you must obtain a hardware token from kiz, which is free of charge for employees. In terms of the pure security aspect, however, this is not necessary.

The modules on awareness have been purchased by us and therefore cannot reflect the regulations at Ulm University in every detail.

No, a TOTP (time-based one-time password) is generated twice per minute and is valid for 30 seconds each time. During the validity of the TOTP, it can only be used once. If you need several TOTPs within a short period of time, you will unfortunately have to wait a few seconds after successfully using a TOTP until a new TOTP has been generated (maximum 30 seconds) due to technical restrictions.

TOTPs are generated twice per minute based on time and can only be used once during their validity. When a token is successfully assigned, the current TOTP is used up and cannot be used again. This means that you must wait until a new TOTP is generated (maximum 30 seconds) before you can test the token again or use it for the next login.