Sie befinden sich im Service: RWTH High Performance Computing (Linux)

Adding 2FA Tokens to Your Account

Adding 2FA Tokens to Your Account

Detailinformation Two-Factor Authentication for your High Performance Computing (HPC) account is mandatory for all SSH logins.


Kurzinformation Quick Instructions

For more detailed instructions, continue below.

Prerequisite: None.

  1. Login to RegApp
  2. Navigate to Index My Tokens
  3. If you have configured at least one token previously, authenticate yourself using that
  4. Click the Add button for your desired token type and follow the instructions on screen

Detailinformation

You can add a new authentication token on a dedicated sub-page. To reach it, hover your mouse over the menu point Index in the navigation ribbon at the top. This will expand the menu. Click on My Tokens. If you do not yet have any authentication tokens configured, this will take you directly to the configuration site. If you have configured at least one further authentication token, you will be prompted to authenticate yourself using any of your configured tokens.

Screenshot of the RegApp main dashboard, showing the main navigation ribbon after expanding it from the 'Index' menu point. The new ribbon has three links: Personal Data, My SSH Pubkeys, and My Tokens.

On the configuration site, you can see a list of all the tokens you have registered as possible second factors. Each token has a unique name and lists its type (currently Paper TAN list, Smartphone App, or Yubikey), the status (active or disabled), and gives the option to disable active tokens, while deactivated tokens can be either enabled again or removed from your account.

Creating a Smartphone Token

The button NEW SMARTPHONE TOKEN opens the dialogue to add a new smartphone token to your account. You can use your authenticator app of choice, such as FreeOTP, Google Authenticator, or similar apps.

Creating the token may take a few seconds. If nothing happens after ten seconds or more, you may need to reload the page (this is likely to happen if you didn't interact with it for several minutes).

After creation, you will be presented with a QR code. You will need to scan this with your authenticator app of choice. You can also enter the seed manually. Note that this is not a base32 seed and is thus not accepted by all authenticator apps. The Serial string is the unique name of your token by which RegApp recognises it. This is not the seed to initialize the token.

You will need to confirm the token by typing in the current code displayed on your authenticator app after scanning the QR code. This confirms the token and concludes the setup. You can now use this token the next time you need to enter a second factor for authentication.

If you have multiple devices (e.g. a smartphone and a tablet) you typically can arrange the authenticator app of choice to work on both/all devices; this multi-device use is recomendable for avoiding loosing all your 2FA in case of hardware defect, theft of the device (and empty battery).

 

Creating a Yubikey Token

TBA

Creating a New Tan List

The TAN list is intended as a backup option only (e.g. in the event of loss your smartphone with the smartphone token). Please create an additional token to use in your everyday work.

To generate a list of TANs, click the button NEW TAN LIST and follow the instructions shown on screen. Make sure to save the list in a manner that makes it inaccessible for third parties

zuletzt geändert am 13.02.2024

Wie hat Ihnen dieser Inhalt geholfen?

Creative Commons Lizenzvertrag
Dieses Werk ist lizenziert unter einer Creative Commons Namensnennung - Weitergabe unter gleichen Bedingungen 3.0 Deutschland Lizenz