What is the problem with the login name and password?

Login name and password can fall into the wrong hands far too easily. 
This has been shown by the waves of phishing in the past: In stressful moments it can happen to any BOKU member. The password is entered on a fake website and strangers can get up to mischief with BOKU credentials.

What's the point of an additional factor?

If, in addition to the login name and password, a specific physical device such as your own smartphone, notebook or a physical security key is required, the possibilities for attack are greatly reduced.

What are the next steps?