The use of MFA is expanding – are you ready? More comprehensive Multifactor Authentication will strengthen the digital security of University staff and students from 25 March 2025

20.03.2025 - 09:23

The University of Helsinki will strengthen its digital security by implementing Multifactor Authentication (MFA) more extensively in the University’s online services from 25 March 2025. Additional authentication will be required for almost all of the University’s online services and all user groups.

In 2021, the University of Helsinki gradually introduced Multifactor Authentication in its Microsoft 365 services. The use of MFA is now also being expanded to services using the login.helsinki.fi sign-on (e.g. Flamma, Sisu and many other services of the University).

The number of MFA users at the University is also increasing: Multifactor Authentication is being adopted by students of the Open University and users outside the University.

We asked Kenneth Kahri, Information Security Officer, and Jukka Karvonen, User Administration Specialist, why the use of MFA is being expanded at the University of Helsinki and how it will be reflected in the everyday life of the University staff and students.

Multifactor Authentication improves digital security for University staff and students

So, why is the use of Multifactor Authentication being expanded at the University?

– Because we want to protect the University’s operations and users, says Karvonen.

– The data will be more secure and the likelihood of cyber attacks that significantly hinder the University’s core operations will decrease.

Kahri continues:

– The greatest benefit of expanding the use of MFA for the University staff and students is that their personal information will be better protected should their password fall into the wrong hands. With regard to the University’s operations as a whole, a higher level of security makes it easier to process the information to be protected with a wider range of tools and at a lower risk. Operations with partners are also facilitated as meeting contractual requirements is made easier. It is also valuable that the University’s IT environment will be more difficult to misuse for attacks within the University or against other operators in the future.

Karvonen also emphasises that the requirement to use methods that are more secure than only using passwords for authentication comes in part through legislation, decrees and the University’s contractual obligations.

– The University’s organisation must process data in accordance with the requirements and also be able to demonstrate this. Multifactor Authentication plays an important part in this, says Karvonen.

Even if the use of MFA is not necessary in all of the University’s online services or use cases, the diversity of information systems makes it difficult to distinguish the required level by system and role. On the whole, it is also clearer for the user that additional authentication is required extensively in the University’s online services.

The use of Multifactor Authentication has been common at Finnish universities and higher education institutions for years; only the degree of implementation and details vary somewhat.

– Passwords as the only login method are simply no longer sufficient to achieve an appropriate level of security, says Kahri.

Little effort for the individual, a big benefit for the entire University

Will the expansion of the use of MFA lead to a lot of additional inconvenience, and how often should additional authentication be carried out in the University’s various online services?

– This depends on the user and ways of use. The inconvenience caused by authentication will also in part decrease. Even though authentication is now being required more frequently in Microsoft’s browser-based services, for example, the authentication is also remembered for longer in services that use centralised login, says Karvonen.

– Roughly speaking, students will be asked to identify themselves in the same browser at least once every 30 days and the staff once every 5 days. Authentication may also be requested more frequently on a risk basis.

There are many methods of additional authentication, and Karvonen recommends that you also familiarise yourself with passwordless methods. For example, using a passkey is a fast and reliable authentication method where you use a mobile phone application.

Read more:
The use of Multifactor Authentication (MFA) will be expanded at the University on 25 March 2025

Read the instructions for using MFA on the IT Helpdesk instructions site:

If you need any support in using MFA, please contact IT Helpdesk:

  • Chat (weekdays 9 AM–3 PM, chatbot 24/7): helsinki.fi/helpdesk
  • Tel.: +358 29 415 5555 (weekdays 9 AM–3 PM, local network charge/mobile call charge)
  • Email: helpdesk@helsinki.fi
Back to top