Two-factor authentication

Why do we need two-factor authentication?

Currently, it is possible to sign in by knowing two pieces of information: the account username and the password. The username can be derived from the e-mail address, which leaves only the correct password for an attacker to figure out. A password can be revealed through a data leak, malware, a phishing e-mail or website, or even through guessing.

Compromised user accounts can be misused to distribute e-mail spam, malware and phishing, collect personal data and perform industrial espionage. Data stored in a user account enables an attacker to commit identity theft.

By introducing two-factor authentication, we are helping to protect your and Tallinn University of Technology's user accounts, reputation, personal data, e-mail correspondence and intellectual property.

Two-factor authentication is required when signing in from computer networks other than the university's network.


Authenticator app

To set up two-factor authentication, you first need to install an authenticator app on your mobile phone. Our recommendation is Microsoft Authenticator, as it provides the most convenient user experience.

Microsoft Authenticator does not require entering a time-based code (TOTP), but instead displays a notification to either approve or deny the sign-in. If you do not wish to use the authenticator app, you can use either a text message (SMS) or a phone call as an alternative.

The phone number entered will only be used to provide two-factor authentication service and will not be displayed publicly. 


The authenticator app is available for both Android and iOS mobile phones.



It is possible to use alternative authenticator apps such as AgileBits 1Password, Google Authenticator or Red Hat FreeOTP. However, they lack support for notifications and require entering a time-based one-time code (TOTP) generated by the app in order to perform two-factor authentication.
To use one of these apps, select "Use verification code from app or token" from the default verification option drop-down menu on the setup page. During mobile app configuration, click on the link labelled "Configure app without notifications" that is located beside the QR code, and only then scan the displayed QR code using your phone.


Setting up two-factor authentication

  1. To set up two-factor authentication, visit the website https://mail.taltech.ee and sign in using your Uni-ID account.

  2. After a successful sign-in, you will be presented with a notification requesting more information. Click on the button labelled "Next".
    Important: When signing in from the university's computer network, you might not be automatically redirected to the prompt. In such a case, visit the website https://aka.ms/mfasetup.


  3. Choose "Mobile app" from the drop-down menu and tick the "Receive notifications for verification" button. Click on the button labelled "Set up".


  4. Open the Microsoft Authenticator app on your phone and select settings (three vertical dots at the top right of the screen). Select "Add account".


  5. Select "Work or school account". In the pop-up, select "Scan a QR code".


  6. Your phone will switch to camera mode. Point the camera towards the QR code displayed on your computer screen. The phone will automatically scan the code and your user account will appear in the Microsoft Authenticator account list. On your computer, click twice on the buttons labelled "Next".

  7. To verify the correct functioning of the app, one authentication attempt will be performed. Select "Approve" on the notification displayed on your phone.


  8. As the final step, you are asked for your phone number. Select your carrier's country calling code from the drop-down menu and enter your phone number. Click on the button labelled "Done".
    By providing your phone number, you will retain access to your account even if the Microsoft Authenticator app malfunctions: you can request the authentication code by either text message (SMS) or phone call.
    It is recommended to enter your mobile phone number (either work or personal), as a landline is fixed to one specific physical location and redirecting authentication calls may cause technical issues.
    The phone number entered will only be used to provide two-factor authentication service and will not be displayed publicly.


  9. Upon successful setup, you will be shown the configuration page if you used aka.ms/mfasetup for configuring two-factor authentication. Verify that the settings are like those displayed on the illustration below.

Using two-factor authentication

While you are connected to the university's network, two-factor verification is not required and the user experience will not change: your Uni-ID username and password remain enough to sign in.

While you are connected to other networks (for example at home or abroad), the sign-in process has an extra step.
After you enter your username and password and click on the "Sign in" button, you will be presented with an "Approve sign in request" notification, and your phone will receive a notification with options to either approve or deny the sign-in.



Modifying two-factor authentication configuration

After changing your telephone number, mobile phone or authentication app, you might have to modify your two-factor authentication configuration, which can be done on the website http://aka.ms/mfasetup.