Account and password information

The IT services of the university can be used free of charge for teaching, research and study. However, a user permit/ an account with the corresponding access data is required.

The access data for your personal account may not be passed on to third parties and the services may only be used by you personally (for exceptions see Disclosure of user data). By using the services, you accept the usage and operating regulations of the central IT service (ZID).


Content


Accounts for employees and external lecturers

For employees who are part of the permanent staff, a personal user permit for an account is requested as part of the staffing procedure. No separate application needs to be submitted.

For all other purposes, you may complete and submit application forms online (authorized personnel only).

Requests for use can be submitted for the following group of persons:

  • Employees of the University of Innsbruck
  • Apprentices
  • External lecturers
  • External lecturers who only use the learning management system OpenOlat

External institutions, which are not university organizational units, but are strongly connected with the university, can also use services of the ZID under certain conditions. The heads of these institutions should contact the head of the ZID (Tel. 0512 507-23003).

Employees who are already actively studying will receive an employee account as their primary account (for longer-term employment). This primary account can be used for all services. The student account (CXXXNNN) remains active as a secondary account as long as the employee is actively studying.

Upon termination of employment, the student account will be reactivated for LFU:online and other services. If this does not happen automatically, please contact zid-benutzerverwaltung@uibk.ac.at.

Function accounts

For functions (e.g. institute email address, projects), it is advisable not to link authorizations directly to a person's personal account, but to create separate function accounts. These accounts are separate from the personal accounts, but the person for whom the request is made is responsible for the functional account.

Function accounts can be used by more than one person. The person responsible for the function account should change the password regularly (at the latest when a person should no longer have access).

For information on two-factor authentication for shared function accounts, see the FAQs.

Delivery of user permit

The user permit for the account will be delivered to the institute or to your private address. If you have not received a user permit, please contact zid-benutzerverwaltung@uibk.ac.at.

The access data for function accounts are sent to the personal university e-mail address of the person responsible.

Expiry of user permit

As a rule, personal user permits are valid until the end of the person's employment, function-related user permits (for function accounts) are valid for two years from the date of permit.

In order to simplify the administration and to provide the heads of the organizational units with a more precise overview, the ZID sends out a collective application once a year. All valid function accounts are recorded on the collective application and transmitted to the ZID for further renewal or deregistration.

If a user permit is provided for deregistration, the ZID gives the affected users deadline to secure data. To inform users about the imminent expiry of their account, the ZID sends two or, in the case of personal accounts, three expiry warnings by e-mail.

After the account has been blocked, the data (e-mails, documents) are retained for one year, after which they are deleted.

Rules for expiration of accounts after termination of employment

Employees will receive a notification via email one month after the termination of the employment, stating the exact date of user permit expiration for the account. The deadline is six months for permanent staff and adjunct faculty. It is not possible to extend the user permit for the account beyond the stated date.

Emeritus university professors and retired academic staff may continue to use the personal account and apply for an extension after five years in each case.

In the case of personal accounts, an automatic reply email will be sent for one year from the time the account is blocked, stating that the email address no longer exists. Staff members have the option of entering a reference to an alternative mail address there. This can either be another personal email address or a reference to an institute address.

In the information mail about the expiration of the user permit and account blocking, a link for activating this function is provided. The link is also given on LFU:online. This link is only available in the period between the sending of the first expiration warning and the blocking of the account. The activation of the automatic reply will take place only when the account is blocked. Mail forwarding to other mail addresses is not possible after the account has been blocked.

In the event of renewed employment, the period of use of the account can be extended or the account unblocked either via the entry workflow or via the application form.

If the employment takes place within the expiration period, a corresponding notification for the extension of the user permit is usually sent, a separate application is then not necessary.


Accounts for students

Students receive the account for the IT services of the ZID together with the admission data. The document contains the user ID (= username), the initial password and the official e-mail address (e.g. Vorname.Nachname@student.uibk.ac.at).

If you have any questions or problems with the account, please contact zid-benutzerverwaltung@uibk.ac.at.

Communication from university institutions

Important personal messages from the university (e.g. appointments, notifications of exam results, etc.) will be sent to your mail address. You can read the mails via webmail for students, in a mail client or in the university app.

Expiry of user permit

The user permit expires at the end of the admission to studies (formerly: exmatriculation). Admission to studies expires if no continuation notification (formerly: enrollment) is made.

After the end of the admission period (October 31 for the winter semester or March 31 for the summer semester, plus a processing period), a check is made to determine which students are no longer admitted. Students who are no longer admitted will receive an expiration warning by e-mail to the university e-mail address at least 10 days before expiration with the exact expiration date. On this date, the account will be automatically blocked, an extension beyond this date is not possible.

Access to LFU:online remains active even after the account has been blocked. You can still log in with your ID and the corresponding password and retrieve your examination data, etc.

If you are admitted to the program again, the account will be reactivated in the course of the admission procedure in the Admissions Office. In this case, the ID, initial password and e-mail address remain unchanged. The password will be reset to the original initial password during reactivation. If this automatic reactivation has not taken place, please contact zid-benutzerverwaltung@uibk.ac.at.

Further information:


Password

If you wish to change your password, log in to the University's Account Portal and follow the steps provided there.

The password is used to authenticate users on the university's systems. It is permanently assigned to your ID. You can find it in the user permit sent to you (for members of the institute) or you received it with your admission documents when you were admitted to the study program (for students).

The password is valid for the services offered by the ZID. A few examples:

  • E-mail
  • PC registration
  • VIS:online
  • LFU:online
  • OpenOlat

Secure handling of passwords

Your password protects your access to IT services of the ZID. A suitable password protects your account from being misused by others. You are responsible for actions taken from your account, even if someone else has misused your access data.

Choosing a suitable password

You will receive an initial password from ZID. Change this as soon as possible and replace it with a suitable password of your own.

Please note the following requirements for a suitable password

  • The password must have at least eight characters; umlauts (ä, ö, and ü) must not be used.
  • It must contain at least one uppercase letter, ideally not at the beginning of the password
  • It must contain at least one digit
  • We also recommend the use of special characters; suitable are dot, comma, semicolon, question mark, exclamation mark, minus, underscore; special characters must not be used at the beginning of the password.

A simple method to create a secure password: think of a sentence and construct the password from it. An example is the sentence "This is a secure password, right?".

This results in the following password:

Ti1sPw,r?

The password becomes even more secure if you change the case of singular letters or take several letters from one word (without making it difficult for you to remember), for example:

Tis1siPW,r?

Password safekeeping

Ideally, choose a password that you can remember and don't have to write down. If you are unsure if you can remember the password, write it down, but store it in a way that is not accessible to anyone else. A common mistake is to have the password written down on a piece of paper that is attached on the computer, monitor or under the keyboard. So-called password managers are helpful with the secure handling of passwords.

A platform-independent, free password manager is KeePassXC.

Administrator password

Note that there is also an "Administrator" user on your PC. A secure password must also be selected for this user. If you have questions about this or problems with your administrator user, please contact the technical support of your institute.

Entering the password

Make sure no one is watching you when you enter your password. If you are unsure whether someone has seen the password, set a new one immediately.

Disclosure of user data

The password of a personal account may only be known to the owner of the ID in order to avoid misuse.

Passing on the password to third parties violates the ZID's user regulations.

Function-related user authorizations are an exception. You can find more information about this under Function accounts.

External private accounts

Nowadays there are many web services for which you need an account.

For these web services you should in any case use a different password than for the services of the ZID: This password is transmitted over unknown and thus potentially untrusted networks. If possible, you should use a separate password for each of these services.

Modern browsers also offer the possibility to save the passwords for you, so you don't have to remember them. However, the passwords are now stored under your account in the browser profile. If someone gains access to your account, it is easy to learn these passwords. Therefore, if you use this feature of the web browser, you should pay special attention to the security of your account and assign a master password for the browser password safe.

A platform-independent, free password manager is KeePassXC.

More links on the topic


Two-factor authentication

With two-factor authentication, a second factor in the form of a number or a security token is requested in addition to the usual password when logging in. Only if both factors are entered correctly, the login can be performed successfully. The combination of a password (something you know) and a second factor (something you own) therefore provides better protection against unauthorized access to the account.

There are two possible methods for authentication with a second factor. For the first method, one needs an authenticator app on a cell phone. After entering the password when logging in, you have to open the app and type in a number (one-time password). The second method requires either a security token (in the form of a USB stick) or a security chip built into the computer or cell phone.

The ZID recommends setting up both procedures. If one second factor is lost, this still gives you the option of logging in with another second factor.

Once you have set up one or more second factors, you can use them to log in to university services in the future. You do NOT have to set up a second factor before each login.

Getting started - How do I set up two-factor authentication?

To set up a second factor for logging into university services, the first thing you need to do is set up an authenticator app and/or a security chip or security token. Then, in a second step, these must then be connected to your Uni account via the Account Portal.

Here you will find step-by-step instructions on how to set up two-factor authentication.

Open the Account Portal and follow the instructions there to start directly.

Authenticator App - Android and iOS

An authenticator app generates one-time passwords that you must enter as a second factor after logging in with your password. The method used at the university is called TOTP, which stands for time-based one-time password.

If you use multiple accounts (see function accounts), you can use the same authenticator app for all of them. You just need to link the authenticator app to the corresponding account in the Account Portal.

Install the privacyIDEA Authenticator (NetKnights GmbH) on your mobile device. Then go to the account portal and follow the steps to set up the app.

Here you will find step-by-step instructions on how to set up the Authenticator app.

Security chip

It is also possible to query the second factor via a security chip built into the computer or cell phone. This method is more practical and faster than using an authenticator app, but it is not as flexible because it is linked to a device. For example, on Windows the security chip is enabled with the setup of Windows Hello PIN. One can then use this security chip with a PIN as a second factor.

You must therefore first activate the security chip in your device and then link it to your account in the account portal.

Here you will find step-by-step instructions on how to set up the security chip.

Please note: if you activate the security chip as a second factor on the device at your workplace, you cannot use it to log in to your device at home, as this second factor is tied to the device at your workplace. Please use an authenticator app or a security token in addition.

Windows Hello PIN

To use the security chip as a second factor on Windows devices you need to set up the Windows Hello PIN.

Here you will find step-by-step instructions on how to set up the security chip.

Apple ID

To use the security chip as a second factor on Apple devices, you must first set up the Apple ID. This variant currently only works with Safari on macOS. Chrome and Firefox are not supported.

Here you will find step-by-step instructions on how to set up the security chip.

Security chip - GNU/Linux

GNU/Linux currently lacks an implementation of a FIDO2 platform authenticator, so the TPM chips built into common hardware cannot be used as a second factor. As a result, you can currently only use an authenticator app (TOTP) or a FIDO2 roaming authenticator (e.g. dedicated security token) under GNU/Linux.

Security token

A security token is special hardware that can be used as a second factor. Please make sure that the product supports the FIDO2 standard. At ZID, successful tests have been made with the NitroKey FIDO2 and the Security Key product line from Yubico. The security token connects to a USB input on your device and typically has an actuation mechanism, such as touching a contact surface.

If you use multiple accounts (see function accounts), you can use the same security token for all of them. You just need to link the security token to the corresponding account in the Account Portal.

Here you will find step-by-step instructions on how to set up the security token.

Please note: if you have already set up the Windows Hello PIN on your device, you will need to cancel its entry to set up the security token.

You should always have the security token with you, and attach it to your keychain, for example.

You can find out how to obtain a token from the university in our FAQs.


Single Sign On (SSO)

SSO enables the use of various web applications of the University of Innsbruck and other providers via the Austrian academic federation ACOnet Identity Federation, as well as the global academic federation eduGAIN after a single sign on.

Once you have logged in, you can use all services on the same device in the same browser without having to log in again (the exception here is the Account Portal). The system does not require you to log in again until after 8 hours.

Login and Logout

When logging in, you enter your identifier and password that you received from the university and, if necessary, a mandatory factor.

To make sure that you are logged out from all websites using WebSSO of the University of Innsbruck, please close your browser.

Log in with another account

If you want to log in with another account (e.g. function accounts), you have the following options:

Log in on foreign devices

Please enter your credentials only on trusted devices!

If you log in on a foreign device, we recommend using the private mode of your web browser (Mozilla Firefox; Google Chrome; Microsoft Edge; Internet Explorer). Close the browser windows to log out.

Windows Login (Integrated Windows Authentication)

This method allows you to automatically log in to WebSSO as soon as you are logged in to your Windows workstation PC.

If you always want to be logged in automatically, select the "Always use Windows Login" option. You can change this option via your settings.

This method works for PCs that are logged in to the Windows domain of the University of Innsbruck.

Furthermore, your web browser must be configured for Windows Login of the University of Innsbruck. This is the case by default for workstation PCs for Microsoft Internet Explorer as well as Google Chrome. For Mozilla Firefox the WebSSO server (idp.uibk.ac.at) must be entered:

  1. Enter about:config in the address bar.
  2. On the configuration page, search for negotiate.
  3. You should now see the option network.negotiate-auth.trusted-uris. Click on it. A dialog will open. Enter idp.uibk.ac.at here and confirm.

 FAQs

I have forgotten my password, what should I do?

First of all, please make sure that you have entered the ID and password correctly and that the Caps Lock is deactivated.

Please contact the ZID Service Desk. For security reasons, you will be asked to confirm your identity. Therefore, please have a document ready that verifies your identity.

I have problems with my password.

If you are able to log in to some services (e.g. web mail) but not others (e.g. LSA, VPN access, wiki login, etc.), you can synchronize your password in the Account Portal.

You can also change your password via the account portal.

How can I change my password?

You can change your password via the account portal.

In addition to your user ID and the old access password, the new password must be entered twice. We recommend to use upper and lower case in the password and at least one digit or special character (see also Choosing a suitable password).

If you use network drives (e.g. the home directory I:, in general: network file systems), you must log out of your computer and log in again after changing the password.

I cannot access my Second Factor.

If you cannot locate your Second Factor, you should contact the ZID Service Desk immediately.

To ensure that you retain access to your account and resources even if you lose or forget your current device, we strongly recommend setting up additional factors. By having multiple second factors, you minimize the risk of access issues and ensure reliable and flexible authentication.

Please note that when setting up additional security tokens, you should ensure that they support the FIDO2 standard to ensure the highest possible security. Contact the ZID Service Desk if you have any questions or need assistance.

I lost my cell phone with the Authenticator app.

It is important to report the loss or absence of the Second Factor immediately to minimize potential security risks and restore access to your digital services. Do not hesitate to contact the ZID Service Desk for assistance.

I have set up the Windows Hello PIN on my device and now I cannot add a security key.

If you have set up the Windows Hello PIN on your device and are now having trouble adding a security key, please follow the steps below:

  • If the Windows Hello PIN setup started before you could add a security key, cancel the setup.
  • After canceling the Windows Hello PIN setup, you can now add a security key.

We have a shared function account. What do we need to consider when setting up a second factor?

Please note that account sharing is only allowed for function accounts. See also Disclosure of user data.

We recommend generating separate 2FA tokens for the function account for each person with access rights. Ideally, the tokens are created together in a personal appointment. The person responsible for the account logs on to a device in the account portal with the user data of the function account. All persons involved can then create a second factor there with their own Authenticator app or their own security token. To be able to assign the factors better, it is recommended to note the name of the associated person in the token description. Each person can then log in to the function account in the future with the user data of the function account + their own second factor.

I don't want to or can't install the Authenticator app.

You don't have to install the app we recommend. You can also use another app that supports the TOTP standard.

For Android devices, we have had good experiences with Aegis, for example. On iOS, the operating system's password manager also supports TOTP and can therefore be used. We ask for your understanding that the Service Desk can only provide support in case of problems with the app we recommend.

To generate the login codes, the app does not need any permissions (Internet access, address book access, access to files on the device, ...), apart from camera access to scan the QR code. A critical look at the permissions desired by the respective can help in choosing a trustworthy app.

During setup, only a so-called secret is exchanged via the QR code. An authenticator app can use this secret and an algorithm to generate one-time passwords. Thus, no personal or sensitive data is exchanged.

Can I install an authenticator app on my desktop computer or my notebook?

The second factor should represent physical possession. We therefore recommend generating the login codes on a mobile device that you usually carry with you.

For special use cases, it may be useful to (also) install an authenticator app on a desktop computer/notebook. We recommend the following solutions for the different operating systems.

  1. Many password managers supported the generation of login codes (TOTP) on different operating systems. We have created a guide for KeePassXC.
  2. The password manager integrated in macOS supports TOTP, but on this platform we recommend to use the Security Chip.
  3. On GNU/Linux we recommend GNOME Authenticator.
  4. On systems with Microsoft Windows, 2fast can be obtained from the Microsoft Store. If possible, we recommend to use Windows Hello though.

(This list is to be understood as a recommendation. Unfortunately, the ZID cannot provide specialized support for these applications).

How can I apply for a security token?

The Central IT Service (ZID) provides a hardware security key for two-factor authentication to every employee of the university on request. The Security Key NFC model from the manufacturer Yubico is currently being issued.

The order and handover will take place collectively per organizational unit (institute, service unit, etc.) until February. After that, employees can apply for a token independently from Technical Support if necessary.

We therefore ask the OU heads or their secretariats to inquire about the needs of your employees and to submit them to the Technical Support at your location. Please complete the following Excel template:

Order Security Tokens

The Technical Support staff will then let you know when the security keys are ready for collection for your OU.

Please understand that there may be short waiting times. The hardware is procured in batches according to demand.

In principle, one security key is issued per employee - this can be used for both personal and functional accounts. In the event of loss or damage, we reserve the right to demand reimbursement of costs for a further issue.


Service Desk / Service-Hotline
  (0512) 507-23999 (Montag - Freitag, 08.00 bis 16.00 Uhr)
E-Mail: ZID-Service@uibk.ac.at

Nach oben scrollen