Multi-factor authentication in CSC’s Services for Research
CSC is expanding the use of multi-factor authentication in our services, and starting from the end of May, CSC will require all users to use MFA when accessing MyCSC portal. Logging in to Puhti and Mahti web interfaces will also require MFA starting from April 21st 2025.

In today’s digital world, protecting our online accounts is more important than ever. One effective way to enhance security is through Multi-Factor Authentication (MFA, in Finnish: monivaiheinen tunnistautuminen).
But what exactly is MFA, and why do we require it for CSC Services for Research?
What is MFA and why is it important?
MFA is a security process that requires users to provide two or more verification factors to gain access to an online account. This method adds an extra layer of protection beyond just a password.
The primary motivation behind MFA is to enhance security. MFA significantly enhances security by protecting against password theft, reducing the impact of phishing attacks, and preventing unauthorized access. Even if a password is compromised, the additional verification factor makes it much harder for attackers to gain access to accounts.
Common MFA methods include, for example:
- SMS authentication: Users receive a one-time code on their mobile phone to enter along with their password.
- Authenticator apps: Apps like Google Authenticator or Microsoft Authenticator generate time-based codes for login.
How to test and activate MFA
If your home organization provides you with Haka credentials, multi-factor authentication may already be integrated with your Haka login. To test this, visit the “Profile” section in the MyCSC portal, and use the “Test your Multi-Factor Authentication capabilities” functionality. Follow the instructions for Haka users in Docs CSC for testing MFA functionality.
If the test concludes that the MFA is not active, you will either receive a notification indicating that you need to activate Haka MFA following your home organization’s instructions, or a notification stating that Haka MFA is not enabled in your organization.
If Haka MFA is not enabled in your organization, you need to activate CSC multi-factor authentication (CSC MFA) in MyCSC instead. CSC MFA must also be activated if your home organization does not offer Haka at all, and you use Virtu credentials, CSC username and password, or Life Science Login to log in to the services. Follow the instructions for activating CSC MFA in Docs CSC.
We encourage all our users to test and, if necessary, activate multi-factor authentication as soon as possible to ensure uninterrupted access to services.
Support
In case you encounter problems with MFA activation, or have any questions about it, please contact CSC Service Desk. We are happy to help!
Authors: Suvi Pousi, Rasmus Kronberg