Two-factor authorisation (2FA)/OTP tutorial video
Two-factor authorization (2FA)
In order to increase security, logging into ICM systems requires two-factor authentication (2FA).
- The first component consists of the traditional
login
andpassword
pair. - The second component is OTP One Time Password, i.e. a one-time code, individual for each user, generated using a special application.
You will be asked for OTP during login to the following services:
- Computational server
hpc.icm.edu.pl
- Resource Allocation System
https://granty.icm.edu.pl/
The same token is valid for both of them. The system will expect the OTP even if you have not register the token so far.
Applications to handle TOTP tokens
Smartphone
In order to obtain the code, it is necessary to install an application that supports the TOTP (Time-based One-time Password) token mechanism, e.g. FreeOTP
, Authy
or GoogleAuthenicator
on your phone.
The applications are available in either GooglePlay or AppStore, the are free and do not require internet access (they work offline).
The use of the phone application is preferred because:
- it is easier to handle
- another device is an additional safety factor
If this is not possible, you may install the application on your computer. Details below.
PC
TOTP token can be registered on your PC with a GUI application, like https://keepassxc.org/
Generate and register the TOTP token
In order to register the real token, please log in with your data to https://mfa.hpc.icm.edu.pl and generate the token without changing the default settings (enroll token). A QR code will appear, which should be scanned into the application.
Warning
Each ICM user can have only one token registered. After removing the token from the application on the phone, it cannot be recovered (only reset by the administrator).
Below, the default settings are listed:
and the generated token 20TOTP05228F43
:
Dummy OTP token
If you do not feel confident you can play with a dummy token. You can not login with it, but your application shall be able to import it. Once the real token is lost, it can not be regenerated without 'admin help'.
When you start up the app you should see a "+" at the top of the screen. Pressing it should start the camera, point it at the following QR code:
Text being hidden behind the QR is:
otpauth://totp/apptest%20TOTP05228F43?secret=4ZRWWHXXCFF76CJJQNEWQDWVQDPORP3F&period=30&digits=6&issuer=ICM-HPC
The application shall automaticaly install a dummy account entry called apptest 20TOTP05228F43
,
displaying a six-digit number that changes every 30s.
Alternatively to scanning the QR code, you can enter the test-secret manually: 4ZRWWHXXCFF76CJJQNEWQDWVQDPORP3F
.
You can delete the test account once you have got to the stage that it is generating the six-digit TOTP.