Main Content

FAQ - Two-factor authentication

How do I proceed if I need to register for an exam in Marvin and I do not have a functional token or no token at all?

If you do not have a functional token (e.g. TAN token, app token) when you register for an exam in Marvin, you can request a token via the request for the issue of a token for two-factor authentication. Please note that delivery by post, collection or web conference may take some time. In urgent cases, please note your problem in the request.
How do I proceed if I need to log in to a two-factor authenticated service and I do not have a functional token or no token at all?

If you do not have a functional token (e.g. TAN token, app token) for the required authentication, you can request a token via the request for the issue of a token for two-factor authentication. Please note that delivery by post, collection or web conference may take some time. In urgent cases, please note your problem in the request.
How do I proceed if I am unable to register?

First check (1) your user name, (2) your user password and (3) the correct use of your TAN, app or YubiKey token. Then try logging in again. If the problem persists, please contact the IT-Servicedesk (Lahnberge), also available by email at 2fa@hrz.uni-marburg.de. Please state your account and the topic of your enquiry.
What do I do if I have lost my TAN, app or YubiKey token?

If the token is lost, it must be blocked for security reasons. A token can be blocked (e.g. when leaving the university or if the token is lost) via the 2FA portal, via the form for reporting the current status of a token or via the IT service desk (Lahnberge), also available by email at 2fa@hrz.uni-marburg.de. Please state your account and the topic of your enquiry.
How do I have my token cancelled?

If the token is lost or compromised or if you leave the university, the token must be blocked for security reasons. A token can be blocked via the 2FA portal, via the form for reporting the current status of a token or via the IT service desk (Lahnberge), also available by email at 2fa@hrz.uni-marburg.de. Please state your account and the topic of your enquiry.
How and where do I return my YubiKey token?

The return of a YubiKey token (e.g. when leaving the university or in the event of a defect) is made to the IT Service Desk (Lahnberge) of the University Computer Centre (e.g. in person, by internal mail or by post). If you do not bring the YubiKey token in person but send it by post, please deactivate (do not withdraw or delete) it via the 2FA portal. According to the specifications of the IT security department, no active tokens should be sent.
How and where do I get my second factor (token)?

Students will receive their first token in the form of a TAN list sent to the private address stored in Marvin (only until winter semester 22/23). After that, a web portal will be made available.
Employees with a valid employment contract from the State of Hesse will automatically receive their token in the form of a YubiKey after notification of the contractual relationship from the HR department to the work address stored in the account application.
All other persons, such as guests, partners and service providers can apply for their token when applying for an account or subsequently via the application for the issue of a token for two-factor authentication.
How can I delete tokens
?
Only tokens of the type (TAN token and APP token) can be deleted. You can delete these yourself in the 2FA portal. To delete tokens, they must be deactivated.
How can I transfer my app token to a new device?
1. The easiest way is if you still have the QR code and scan it on the new device.
  Attention: The token does not need to be activated again as it is already activated.
2. The next option would be to export the token on the old device in the app and import it on the new device. As a rule, all authenticator apps offer this option.
3. A final option is to simply roll out a new app token for the new device in the 2FA portal and then delete the old one (if it is no longer required).
  Attention: The new token does not need to be activated again as it is already activated.