Differences

This shows you the differences between two versions of the page.

en:services:general_services:customer_portal:two_factor_authentication [2017/07/25 09:58]
abruns1 [Prerequisites] list entry corrected
en:services:general_services:customer_portal:two_factor_authentication [2018/11/14 10:45] (current)
shilker [Prerequisites]
Line 1: Line 1:
 +====== Two-Factor Authentication ======
  
 +The Customer Portal provides the ability to enable a secure two-factor authentication. Each protected area can be individually selected by the user.
 +
 +=====What is that?=====
 +
 +To proof the identity of a user, a combination of the user name or e-mail address and password is used in general. With the two-factor authentication (2FA) a second component is added. This component should be as independent as possible from the first one and increase the certainty that the current action is performed by the corresponding user.
 +
 +====Second component in Customer Portal====
 +
 +In the Customer Portal a function of time generated token serves as a second factor. This is generated by a corresponding application on a mobile phone.
 +
 +====Data Protection====
 +
 +To generate the code two components are required. In addition to the QR Code transferred token, the current system time (in the case of the phone) is needed. A data connection to an external service is not necessary - the generation can thus also be carried out with activated "​airplane mode".
 +
 +The transmission of the user name associated with the domain "​gwdg.de"​ (included in QR Code) is made exclusively to differentiate the various items in the app.
 +=====Prerequisites=====
 +
 +To use this feature, a mobile phone with a modern operating system and access to the corresponding App Store (or Play Store) is required, e.g.:
 +
 +  * Apple iOS
 +  * Google Android
 +  * Windows Phone
 +
 +Various developers offers apps to generate a token, the most common apps are from Google and Microsoft:
 +
 +  * Google Authenticator ([[https://​play.google.com/​store/​apps/​details?​id=com.google.android.apps.authenticator2&​hl=en|Play Store]])
 +  * Google Authenticator ([[https://​itunes.apple.com/​de/​app/​google-authenticator/​id388497605?​mt=8|App Store]])
 +  * Microsoft Authenticator ([[https://​www.microsoft.com/​en-us/​store/​apps/​authenticator/​9wzdncrfj3rj#​|Microsoft Store]])
 +=====Installation=====
 +
 +Once an Authenticator app is installed on the personal mobile phone, the two-factor authentication can be enabled in the security section of Customer Portal (https://​www.gwdg.de/​my-account/​sicherheit).
 +
 +====#1 Activation====
 +
 +{{ :​en:​services:​general_services:​customer_portal:​2fa-activation.png?​nolink |}}
 +
 +Select //Activate two-factor authentication//​ to enable.
 +
 +After the required token has been generated, it is displayed as QR code and text.
 +
 +{{ :​en:​services:​general_services:​customer_portal:​2fa-qrcodeen.png?​nolink |}}
 +
 +**Important**:​ Print the displayed recovery code and store it in a safe place. You can deactivate the two-factor authentication using this code if you have no longer access to the attached mobile phone.
 +
 +Select //Save//. Before finally activating the authentication,​ the code is requested for the first time.
 +====#2 Installation====
 +
 +The installed Authenticator app usually supports the automatic detection of a QR code, a manual input of the token is not necessary.
 +
 +{{ :​en:​services:​general_services:​customer_portal:​2fa-codescanen.jpg?​nolink&​200 |}}
 +
 +After setting the QR code, the current token is automatically displayed.
 +
 +{{ :​en:​services:​general_services:​customer_portal:​2fa-token.jpg?​nolink&​200 |}}
 +
 +The code is generated from a combination of the token with the current time and is valid for 30 seconds.
 +
 +====#3 Usage====
 +
 +Once activated, the Customer Portal is querying the code for each password change. A dialog box is displayed to enter the code.
 +
 +{{ :​en:​services:​general_services:​customer_portal:​2fa-query.png?​nolink |}}
 +
 +====#4 Deactivation====
 +
 +The two-factor authentication can be disabled at any time. For this purpose, the input of a code is also necessary. If a generation of the code is not possible, the recovery code, displayed during activation, can be used.
 +
 +{{ :​en:​services:​general_services:​customer_portal:​2fa-deacten.png?​nolink |}}
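
Review bot: "token" names two different things in the added text, which blurs what has to be kept secret. In "Data Protection" and in "The code is generated from a combination of the token with the current time" it is the secret transferred by the QR code. In "Various developers offers apps to generate a token" and "the current token is automatically displayed" it is the 30-second code. Suggest using one term for the QR-transferred secret and "code" for the time-based value throughout, and stating in "#1 Activation" that the QR code and its text form must be treated as confidential in the same way as the recovery code. The introduction also says each protected area can be selected individually, but "#3 Usage" only mentions the query on password change and no step shows where areas are selected; either document that step or align the two statements. Minor wording: "To proof" should be "To prove", and "Various developers offers" should be "offer".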