The new semester has started

In the past week, the fall semester 2025 started! Many institutions have welcomed new students and the rooms are again full of people, full of life. For those starting their studies, it is a time of change, where they develop new habits, possibly move into a new apartment, and most importantly start learning more deeply about their field of interest.

Continue reading “The new semester has started”

Load Testing the edu-ID IdP

On a Monday morning, at the start of the fall semester 2024, many students were unable to log into their edu-ID account. A nightmare for students, IT administrators – and also the edu-ID team who was working actively to fix the issue as soon as possible.

What was the cause of this incident? A retrospective analysis found that the issue was a missing index in a database table. Really, a missing index? Why did we not detect this earlier, even though this problematic table had been in use for several months without any problem? It turns out, we load tested the new MFA API when launching it, but it seems that it wasn’t with a sufficiently large and diverse dataset. Therefore, it was only at semester start that such a high load made the problem apparent.

Continue reading “Load Testing the edu-ID IdP”

Two new identifier attributes: subject-id and pairwise-id

The new identifier attributes gain more and more traction in the SAML-based identity federations. Find out what issues they address, what characteristics they have and who can use them in which scenarios.

Continue reading “Two new identifier attributes: subject-id and pairwise-id”

Hacking for Good

In July this year the edu-ID account management was reimplemented almost from scratch. Not only did the design change but so did much of the technology behind it, including the programming framework. Because we take security and data privacy very seriously, we asked our colleagues from the Switch security team to do a preliminary penetration test before the launch. This first penetration test provided us with the confidence to release the new account management into the wild. But to be doubly sure, we decided to run also a second penetration test after launch with an external company. And so we did.

Continue reading “Hacking for Good”

The Swiss E-ID, the European Union’s eID – and the link to Switch edu-ID and eduGAIN

The E-ID of Switzerland is currently being shaped and formed with interested parties contributing to this process on the community platform of the Swiss federal authorities. As research and education are border-less Switch took a stand to point out the importance of the E-ID to stay in line with international developments. Particularly relevant is the emerging eID of the EU and the Trust Services of EBSI (European Blockchain Services Infrastructure) as a potential trust pillar underpinning it.

But where does our identity solution Switch edu-ID together with its international extension eduGAIN of GÉANT fit into this picture, if at all? Continue reading “The Swiss E-ID, the European Union’s eID – and the link to Switch edu-ID and eduGAIN”

Switch edu-ID launches Passwordless Login with Passkeys

We all know the problem well enough: using passwords is tedious and insecure. With Passkey, however, an alternative has been created with which Internet users can not only log in more easily, but also more securely. Switch is therefore extremely pleased to announce the immediate support of Passkey in Switch edu-ID.

Continue reading “Switch edu-ID launches Passwordless Login with Passkeys”

Two-Step Login Changes

An increasing number of services and universities require edu-ID users to verify their identity with an additional factor in a process called Two-Step Login or Two-Factor Authentication.

One year ago, about 5% of all users had enabled this secure login method. As of today, this number has tripled to 15% of all 930’000 edu-ID users.

This is great news from a security point of view and has led to the following two changes that were introduced end of August 2023.

Continue reading “Two-Step Login Changes”

First step towards passwordless login: Username first!

A lot of identity providers, including Google, Microsoft and Apple, ask the users for their username first, and then proceed to the password input in a follow-up step – if at all! The future world will be passwordless. So it won’t make sense to gather any password in the future.

The edu-ID login has caught up to get ready for a passwordless world. As of 9 August 2023, the edu-ID login window has changed so that users first need to enter their e-mail address. In a next step, they enter their password.

This is an important change to support Passkeys for the edu-ID login in the near future. Users having Passkeys enabled will enter their username and then log in with their Passkeys instead of their password. That is, the edu-ID login first needs to know the user in order to decide which login method is the user’s preferred one.

We are sure that edu-ID users will embrace this new process as most of them are already familiar with it from other identity providers.

 

New simplified edu-ID integration for organizations available now

The integration of the edu-ID previously required the implementation of two small software components on the university side:

    1. the linking service with which the edu-ID account of a person is linked to the internal account at the university,
    2. and the attribute synchronization with which the university manages the affiliations in the edu-ID accounts.

A new integration method is now available that does not require the development and operation of software at the university. Continue reading “New simplified edu-ID integration for organizations available now”