Table of Contents
The Customer Portal provides the ability to enable a secure two-factor authentication. Each protected area can be individually selected by the user.
What is that?
To proof the identity of a user, a combination of the user name or e-mail address and password is used in general. With the two-factor authentication (2FA) a second component is added. This component should be as independent as possible from the first one and increase the certainty that the current action is performed by the corresponding user.
Second component in Customer Portal
In the Customer Portal a function of time generated token serves as a second factor. This is generated by a corresponding application on a mobile phone.
To generate the code two components are required. In addition to the QR Code transferred token, the current system time (in the case of the phone) is needed. A data connection to an external service is not necessary - the generation can thus also be carried out with activated “airplane mode”.
The transmission of the user name associated with the domain “gwdg.de” (included in QR Code) is made exclusively to differentiate the various items in the app.
To use this feature, a mobile phone with a modern operating system and access to the corresponding App Store (or Play Store) is required, e.g.:
- Apple iOS
- Google Android
- Windows Phone
Various developers offers apps to generate a token, the most common apps are from Google and Microsoft:
Once an Authenticator app is installed on the personal mobile phone, the two-factor authentication can be enabled in the security section of Customer Portal (https://www.gwdg.de/my-account/sicherheit).
Select Activate two-factor authentication to enable.
After the required token has been generated, it is displayed as QR code and text.
Important: Print the displayed recovery code and store it in a safe place. You can deactivate the two-factor authentication using this code if you have no longer access to the attached mobile phone.
Select Save. Before finally activating the authentication, the code is requested for the first time.
The installed Authenticator app usually supports the automatic detection of a QR code, a manual input of the token is not necessary.
After setting the QR code, the current token is automatically displayed.
The code is generated from a combination of the token with the current time and is valid for 30 seconds.
Once activated, the Customer Portal is querying the code for each password change. A dialog box is displayed to enter the code.
The two-factor authentication can be disabled at any time. For this purpose, the input of a code is also necessary. If a generation of the code is not possible, the recovery code, displayed during activation, can be used.