Multifactor Authentication (MFA, 2FA, Authenticator)
Why we use MFA at Aalto and instructions for starting to use MFA.
Passkeys in Aalto Login
Aalto Login supports passkeys. Why and how to use a passkey.
Students: please note that passkeys do not yet function with the EXAM online service. If you have already registered passkey, you can ask IT Service Desk to delete it.
Students: please note that passkeys do not yet function with the EXAM online service. If you have already registered passkey, you can ask IT Service Desk to delete it.
Why use a passkey?
- Passkeys are multifactor by nature. No need to worry about additional factors.
- Passkeys are more convenient to use. On your phone's browser all you need for login is your thumbprint. On desktop all you need is to scan a QR code with your phone's camera and give your thumbprint.
- Registering a passkey makes your account more secure. With passwordless login your password cannot be brute forced or used to log in via a browser anymore.
What do I need to use a passkey?
- Your Android phone or iPhone. A reasonably modern Android or iPhone works out-of-the-box. No need to install any software.
and/or
- A hardware token like a Yubikey or any other FIDO2-compliant security key
How do I start using passkeys?
Bear in mind that once you register a passkey you cannot log in any other way. This means that you must be able to use a passkey for login on both mobile and desktop devices.
- A passkey registered on your phone works natively with the mobile browser.
- Using the passkey from your phone with a desktop browser works best on the Chrome browser.
- Hardware tokens work with almost any desktop or mobile browser.
To start using passkeys go to with your browser.
Logging in to passkey registration
You can log in either with your password or suomi.fi authentication.
The passkey registration view
In the registration view you can add new keys and delete old ones. Passkeys with the label "Passwordless" can be used for passwordless login. Some authenticators that do not implement User Verification correctly require a password after logging in with the passkey.
What if I lose all my passkeys?
After you have registered a passkey, you cannot log in with a password anymore.
If you lose your passkey(s) you can log in to with suomi.fi authentication and remove all your registered passkeys. If you cannot use suomi.fi login you have to open a ticket in Service Desk and request your passkeys to be deleted.
After your existing passkeys have been deleted you can log in with a password again to register new ones.
Which passkey provider should I use on my phone?
The majority of Android phones come with Google Password Manager by default while iPhones use Apple Passwords. Both are fine and can be used.
Some passkey providers do not do User Verification (biometrics or PIN code) reliably. When using those passkey providers you will be asked for your password after logging in with a passkey.
The recommended passkey provider on Android is for the following reasons:
- Open source so under continuous auditing
- User Verification is done in conformance with the WebAuthn specification
- Does not need an internet connection to work
- Does not sync, copy or otherwise leak data anywhere by default
- The free version contains all essential features
IT Service Desk contact information and service hours
Contact IT End User Support for help or information on Aalto University IT.
a contact point to the users of the Aalto University IT who are in need of help and information. You can visit the service desk during opening hours or ask for help by email, telephone or chat.