IT Center Help

You are located in service: Multifactor Authentication (MFA)

Authenticator app e.g. for Smartphone, Laptop or Desktop (TOTP)

guide

This page describes how to set up an authenticator app for Multifactor-Authentication (MFA).

An authenticator app generates a new one-time password every 30 seconds.

Follow these steps to set up your app:

In this guide, we use the 2FAS-App, but you can use a different authenticator app.

1. Download authenticator app

Step 1
Open the app store on your device.

Android: Google Play
Apple: App Store
Windows: Microsoft Store

Step 2
Download an authenticator app, such as:

For smartphones: 2FAS, Aegis, "Passwords" (older version "Passwords & Keychain") for iOS
For desktops or laptops: 2fast for Windows, Otpkey Authenticator or "Passwords" (older version "Passwords & Keychain") for macOS, TOTP extension of the KeePassXC Password Manager for all operating systems.
If you want to use another app, make sure it meets the following criteria:
- 6- or 8-digit security code
- Hash algorithms SHA256 or SHA512

2. Set up authenticator app

Step 1
Open the Token Manager.

Step 2
Log in via RWTH Single Sign-On (username format "ab123456").

Step 3
Click Create.

Screenshot of the Token Manager. The "Create" button is located below a table with a list of tokens you have already created.

Step 4
Under "Type of Token", select Authenticator app e.g. for smartphone (TOTP).

Step 5
Click Next.

Screenshot of the "Type of Token" table. "Authenticator App" is the third item in the table. The "Next" button is located at the bottom of the table.

Step 6
Enter a name for your app under "Description" (e.g. Authenticator App).

Optional
Select Advanced Options to change the length of your security code and hash algorithm.

Step 7
Click Create.

Screenshot of the "Authenticator App e.g. for Smartphone (TOTP)" page. Below "Description" there is a text field. Below that, you can check the "Advanced options" box to specify optional settings. The "Create" button comes next.

A QR code appears.

Screenshot of the Authenticator App page. Below a short text is the QR code. Below that is the "Token secret" link. Selecting the link displays a code that can be entered into the app as an alternative to the QR code.

Step 8
Open your authenticator app.

Please note
We have taken screenshots in the 2FAS app for this guide. If you are using a different app, the process may be slightly different.

Step 9
Tap the plus symbol.

Screenshot of the 2FAS authenticator app. The plus icon is the second button after "Import from external app".

Step 10
Scan the QR code using the app.

Alternatively, you can click Token secret below the QR code. A code will be displayed. Copy this code in the app under "Enter secret key".

Screenshot of the 2FAS authenticator app. The camera is open. Under "Other method" you will find the "Enter secret key" option.

A code appears in the app.

Screenshot of the Authenticator application. Under "RWTH Aachen University" you will find a code. Underneath you will find the option "Copy Token".

Step 11
Enter this code in the Token Manager under "Security code".

Step 12
Click Finish.

Screenshot of the Token Manager. "Security Code" is located under the QR Code in the "Verify Token" section.

You have successfully set up your authenticator app.

3. Login with authenticator app

When you are prompted to enter a one-time password, open the Authenticator app.

Copy the password displayed under “RWTH Aachen University” and paste it into the input field.

The passwords are valid for 30 seconds. If a code expires before you have entered it, simply use the next one.

Additional Information

Help: How do I login with MFA?
Help: my token does not work.
Help: I lost my token.
Please contact the developer directly if you have any problems with the application.

last changed on 08/21/2025

This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License