Mobile navigation Search icon

Two-factor authentication

An OTP secures the login to your account with a one-time password, generated with limited time validity by third-party applications on your mobile phone (such as the Google Authenticator Application).

Each time you sign in, you fill in a code number from your mobile phone.

You may connect only one device to your account.

The mobile app we've created (for Android and iOS) for securing mojeID account sign-in.

After downloading the Authenticator application to your mobile phone, you pair the phone with your account. When logging in, you check the code displayed in the application on your phone to make sure it matches the code on your computer screen, then click the button to sign in to your account. You do not need to type the code.

You may connect only one device to your account.

A security key with support for the FIDO 2 protocol is a small device (with a USB connector) that can be associated with your mojeID account. Then, besides filling in your password, you have to confirm login to your account by also pressing a button on the security key.

An alternative to a separate security key can also be:

  • Mobile device with operating system Android 7.0 or higher (the device must have an active screen lock - PIN, fingerprint, face recognition...). You then use this mobile device to access mojeID.
  • Windows Hello is a way of authenticating a user on devices using operating system Windows 10. For the service to work, the device must have a PIN, fingerprint reader or face recognition protection set up. Windows Hello is available only in latest versions of Windows 10.

You can connect multiple security keys to your account. To confirm adding a new security key, please use one of the security keys you already use to log in. When connecting a new security key, you must fill in its name.

You can view security key details in your account. Security keys can be individually removed from your account.

If you want to use security key to access public administration services, you can find more information here.

Security keys can be purchased from online stores. The product specification must include the FIDO 2 label. These security keys are compatible with the older U2F standard.

We recommend following keys: Idem Key (GoTrust)YubiKey 5 series (Yubico)Security Key NFC (Yubico).

You may also find the generic term FIDO2 U2F in security key specifications.
You can use terms such as  "fido 2 usb" or "fido 2 nfc" to search the internet.

You can connect multiple security keys to your account.

It is an authentication hardware key for multi-factor authentication that provides secure login via a computer, mobile device or laptop. It requires physical presence of the key and manual user interaction to log in (pressing a button, entering a PIN code or touching a fingerprint reader).

The security key works without the need to install any software or drivers — the device acts like a USB keyboard. The user only needs a compatible version of a browser that supports FIDO 2 devices. The latest versions of Chrome, Firefox, Edge and Safari work well.

A security PIN can be entered for keys via the operating system or the manufacturer's application, which further increases security. YubiKey keys can be managed in the YubiKey Manager application. This application also allows you to reset the key and remove the entered PIN. Please note that the reset will disable your MojeID account login, so you will need to remove the key from your account and set it up again.

Using a security key can eliminate threats, such as Man-in-the-Middle Attack and Phishing.

The security key does not serve as a memory drive, but only for login. It should be plugged directly into a computer, not into a docking station. You can connect multiple keys to your account.

  1. Visit
  2. Insert security key to the USB port.
  3. At the bottom of the page, check the attestation box and in the drop-down list select direct.
  4. Click Register.
  5. Use the security key and allow the mojeID website to access your security key.
  6. If the key works, a new Output section appears under the Register button. Click DOWNLOAD (JSON).
  7. Send the downloaded .json file to our technical support at

If the Always require second factor checkbox is checked, it is necessary to confirm any login by a two-factor authentication. You can choose your preferred authentication method.

When the checkbox is unchecked, the second factor is required only to log in to a mojeID account and other services that always require two-factor authentication (e.g., public administration services).

  • Message Registration failed, incorrect data from security key. 
    • If you use a system security key (mobile phone, tablet) and you see this message, it means your device sent the required data out of specification in the wrong format. In this case, the problem is probably on the side of device manufacturer. Please, use different device or hadrware security key. You may also contact the device manufacturer and ask for a fix.

If you have any questions or comments concerning mojeID, contact us at or call the technical support of the CZ.NIC Association, the administrator of the domain register, at +420 731 657 660 or +420 222 745 111 (24/7).