Two factor authentication (2FA)
To prove the identity of a user, a combination of the username or e-mail address and password is used. With the two-factor authentication (2FA) a second component is added. This component should be as independent as possible from the first one. The purpose of 2FA is to increase the certainty that the current action is performed by the corresponding user.
TOTP token
To use this feature, a mobile phone and access to the corresponding App Store (or Play Store) is required, e.g.:
- Apple iOS
- Google Android
There are two authentication methods that are supported. You need an authenticator app for both.
A TOTP token generates a 6-digit number on your mobile that you fill in as the 2nd factor authentication. Note: For TOTP Token it is crucial that the system time is synchronized.
PUSH token
A PUSH token generates an Accept/Decline choice on your mobile.
For both tokens, you use the app on your mobile: privacyIdea Authenticator App (by NetKnights GmbH).
For the PUSH token this app is mandatory, for the TOTP token you can also use other Authenticator apps (like Authy, Google Authenticator). Once a token is created, it will be requested in several places, for example the MPG website, services at the GWDG (Owncloud, RocketChat) and eProcurement.
Keep in mind that you need to provide the token, you cannot circumvent this part. The TG can also not circumvent this for you. (So: Don't forget your phone!)
Manual
This is the full manual (PDF) on how to setup Two Factor Authentication (2FA), please read it carefully. It contains the following:
- Where to download the Authenticator App
- How to set up a token for 2FA
- How to use your token for websites, remote desktop and ssh
- How to recover your token when you have lost it