We are introducing two-factor authentication for certain services. This is an additional protection for your central user data. This prevents attackers from accessing user accounts, even if they know the password. The password is the first authentication factor and a temporary, single-use confirmation code is used as the second factor.
This second factor (TOTP token) usually requires a smartphone with a corresponding app that can be used to register this token. Another method is to register the token using the KeePassXC password manager on a PC.
Prerequisite
- A connection to the university's internal network (Eduroam is not the university's internal network!)
1. install CodeTwo QR Code Desktop Reader & Generator:
Download the file for your Windows PC from CodeTwo QR Code Desktop Reader & Generator (on a different operating system you will need to select a different QR code scanner, but the installation process is basically the same). To do this, you must accept the general terms and conditions.
After the download, you will be shown a website where the further installation process of "CodeTwo QR Code Desktop Reader & Generator" is described.
2.2 Creating a new database in the KeePassXC programme
First click on "Create new database"
Create a database name and a description for your database and press "Next"
Press "Next" again
Create a password to protect your database. Then press "Done"
Now save the database to a location of your choice
2.3 Adding a new root entry
To add a new root entry, select the "plus symbol" in the top menu bar.
Use a title of your choice, your Shibboleth user code for the "User name" line and your Shibboleth password for the "Password" line and then press "OK"
Now you have an entry in your list. Press the right mouse button on this entry, hover over "TOTP" with the mouse and select "Set up TOTP" in the tab that appears.
Do not close the KeePassXC window that appears!
3. two-factor authentication
Follow the link and log in with your Shibboleth login: https://2fa.tu-freiberg.de/#!/login (Only accessible from the isolation network!)
Press "Roll out token" on the left-hand side of the screen.
Press "Roll out token" again, but this time the button in the centre of the screen.
Use the CodeTwo QR Code Desktop Reader & Generator below and select "From Screen"
A cross now appears as a mouse on your screen. Hold down the left mouse button and frame the QR code displayed. (Tip: if you have several active screens, you must drag the browser tab with the QR code to the main screen)
Copy the code after the "secret=" to "&period" only and paste it into KeePassXC as a secret key
Right-click on the entry in your list, click on the TOTP tab and left-click on Show TOTP.
You can see how the "Time-based password" window opens. Copy the code within the displayed time.
Finally, enter the number combination from KeePassXC on the 2FA website under the QR code. (There is no space between the numbers, the numbers must be entered one after the other)
After successful entry, your token is verified.