Abstract

An increasing reliance on digital services in academic institutions and the growing sophistication of cyber threats necessitate secure and scalable identity & access management (IAM) solutions. While multi-factor authentication (MFA) is widely recognized as an effective security measure, its implementation in higher education presents unique challenges. These include user resistance and technical integration difficulties due to fragmented authentication systems and legacy infrastructure. As a result, many institutions of higher education, including TU Wien, predominantly use single-factor authentication (SFA) mechanisms to secure access to their systems. This reliance on SFA poses significant security challenges, especially as these systems often handle vast amounts of sensitive information across multiple platforms that students can access.

This thesis investigates these challenges and proposes a unified MFA strategy to enhance the security of data in academic institutions, with TU Wien serving as a case study. To achieve this, the methodological approach consists of three research methods. First, a systematic literature review (SLR) was applied to examine existing MFA solutions, their adoption in commercial and academic settings, and their impact on security and user behavior. Secondly, semi-structured interviews (SSIs) provided insights into practical challenges and considerations by engaging IT security experts and other stakeholders of Austrian universities. These interviews explored technical constraints, organizational strategies, and user acceptance factors in MFA deployments. Finally, by following the framework analysis research method, the collected data was transformed into a conceptual strategy and a prototype was developed.

The proposed strategy for implementing a unified MFA system in academic institutions emphasizes phased rollouts, flexible authentication options, and user-centric adoption strategies. A practical demonstration of Keycloak using the implemented prototype validates the proposed strategy by providing insights into simulated real-world feasibility. The findings indicate that phased MFA implementations with multiple MFA methods to choose from improve security while maintaining better usability. Furthermore, the successful deployment of MFA requires a centralized IAM approach that consolidates existing fragmented authentication services. Open-source solutions like Keycloak offer a viable approach to integrating MFA in complex university IT infrastructures.

Reference

Natter, G. (2025). A Unified Multi-Factor Authentication Strategy: Enhancing Security in Academic Institutions with a Case Study of TU Wien [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2025.121434