Change over now! New eduroam identifiers

Protection of your personal TU-ID access data for WiFi access

2022/11/18

Since August, it is possible to create and use device-specific identifiers and passwords for WiFi access (eduroam). This means that each of your devices that needs to connect to the eduroam network can use its own identifier and password. With these access data, the device can dial into the eduroam network worldwide. This not only contributes significantly to the protection of your personal TU-ID access data, it also brings many advantages in handling. Since 01.12.2022, after a transition period, the TU-ID can no longer be used for the WiFi login to the eduroam network.

Since 01.12.2022 no more registration with TU-ID possible!

The previous access with your personal TU-ID was still possible during the transition period until 01 December 2022. After that, the new identifiers are mandatory and you can no longer log in to the eduroam WLAN with your TU-ID or use it for the open network sockets.

What to do:

Before you start, please note the following points:

  • Make sure you are connected to the internet during the installation and configuration process.
  • For mobile devices ideally with a WIFI of your choice or via the data volume of your mobile phone contract. Please note: eduroam is not suitable here, as you will be reconfiguring your eduroam access.
  • For PC/laptop, connect to a local network (LAN).

1. Create a WiFi account

Create up to 3 independent WiFi accounts (one for each end device used) in the IDM portal of the TU Darmstadt, under “Persönliche Accountverwaltung > WLAN-Accounts > Persönlich”. You can find detailed instructions here. (opens in new tab)

The device-specific identifier gives you advantages in later handling (see info box below). If you have more than 3 devices that need to connect to the eduroam network, you can also use an identifier more than once (only recommended in exceptional cases, please then group cleverly).

2. For mobile devices

Install the “geteduroam” app on your smartphone and/or tablet, e.g. www.geteduroam.app/ or https://get.eduroam.org/app/.

3. “Forget” old eduroam WLAN configuration

If you already have an eduroam/WLAN installation set up on your device, be sure to remove or forget the old eduroam installation on your device first, depending on your device's operating system. Important: To do this, you should be within range of the eduroam network.

4. Configuration and installation with CAT

4.1 …for HRZ-managed PC/Laptop

  • Open the Matrix 42 Software Depot.
  • Select the „CAT Eduroam Installation“ and click on install.
  • Then follow the installation wizard.
  • You will now need your WLAN user name and password.
    • User name and password use the entries from the IDM portal under “WLAN account” (TU-IDlan00@tu-darmstadt.de NOT @stud.tu-..)
    • If you have not saved a password there or have written it down incorrectly, you can generate a new password in the IDM portal.
    • As soon as you are on the eduroam WLAN, you are automatically connected.

4.2 …for NON-managed PC/Laptop

  • Download the Configuration Assistant Tool (CAT).
  • Follow the installation wizard:
    • Use the user name and password entries from the IDM portal under “WLAN account” (TU-IDlan00@tu-darmstadt.de NOT @stud.tu-..).
    • If you have not saved a password there or have written it down incorrectly, you can generate a new password in the IDM portal.
    • As soon as you are on the eduroam WLAN, you are automatically connected.

ATTENTION for computers managed by the HRZ: In this case, please use the CAT tool provided in the Software Depot!

Step-by-step instructions can be found here:

Rules and tips for a secure password

On 9 December 2021, the binding password policy of the Technical University of Darmstadt came into force.

You do not yet use a TU-ID password that meets the requirements of this guideline? Then save yourself extra work later and tackle the necessary password update for your TU-ID and the configuration of your WiFi accounts together.

Information and assistance on changing the TU-ID password can be found here.

What are the advantages of the change for you?

Protection of your TU-ID access data and the systems you access

End devices initially store the access data to known networks locally on the device and synchronise these (especially in the case of mobile devices) with the cloud storage of the respective manufacturer – this means that your TU-ID access data are potentially not sufficiently protected in plain text in different locations. Since your TU-ID simultaneously provides access to a whole range of important TU Darmstadt systems and applications, this poses a permanent threat to all of these systems.

Protection against fraudulent networks accessing your data and systems

The eduroam network is available worldwide. This makes it extremely difficult for users (and their end devices) to distinguish genuine eduroam networks from fraudulent ones that falsely identify themselves as members of the eduroam network. If you automatically connect your device (or mobile device) to such a fraudulent network, the TU ID access data is directly revealed to the attacker, who then gains far-reaching access to TU Darmstadt systems. Technically, this cannot be reliably ruled out.

Risk minimisation through separate identifiers

The new separate identifiers reduce the risks to WLAN access. If something does go wrong here, the access data for a specific device account can be blocked and set up again without affecting access to all other services. In short: your TU-ID remains protected.

Remaining able to act despite the failure of an end device

The fact that you can assign individual identifiers for each device means that access can be blocked for individual devices (e.g. the lost smartwatch) without blocking access to other devices (e.g. the work laptop).