From 8319cde644bcc1155dc4cb5b6a5826177fe02606 Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Tue, 13 Jul 2021 16:53:23 +0200 Subject: [PATCH] expand 2FA inspired by https://docs.mpcdf.mpg.de/faq/2fa.html --- source/guides/two-factor-authentication.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/source/guides/two-factor-authentication.rst b/source/guides/two-factor-authentication.rst index a39d542..95c25f4 100644 --- a/source/guides/two-factor-authentication.rst +++ b/source/guides/two-factor-authentication.rst @@ -7,8 +7,8 @@ To further protect subjects' personal data against compromised or weak passwords, Castellum can *and should* be used with two-factor authentication (2FA). -If enabled, a successful login requires an additional code or passphrase before -Castellum can be used (similar to a TAN for online banking). +If enabled, you need to enter an additional code before you can log in to +Castellum (similar to a TAN for online banking). Currently we support any generic TOTP application or FIDO2 hardware security tokens. @@ -28,13 +28,17 @@ suggestions for appropriate apps to be used at your institution. Android or `Microsoft Authenticator `_ on iOS. +TOTP stands for “Time-based One-Time Password”. As the name suggests, each TOTP +code can only be used once. + Most TOTP apps work the same: 1. Install an authenticator app on a phone 2. Register that phone on the website (Castellum) by scanning a QR code with the authenticator app -3. The app will now generate TOTP authentication codes for you that can be - used to log in +3. The app will now generate a new 6-digit numeric code every 30 seconds +4. The code depends on the current time, so make sure that the phone + has the correct time set Hardware Keys (FIDO2) --------------------- -- GitLab
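Review bot: the rewritten sentence in the first hunk ("you need to enter an additional code before you can log in") no longer covers the FIDO2 case: the unchanged context two lines further down says Castellum supports "any generic TOTP application or FIDO2 hardware security tokens", and a hardware key is not a code the user types in. The removed wording ("an additional code or passphrase") was vague but at least did not tie the second factor to typing a code. Suggest something like "you need to provide a second factor (a one-time code from an authenticator app, or a hardware security key) before you can log in to Castellum", and attach the TAN comparison to the code case only.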
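Review bot: the one-time claim in the second hunk ("As the name suggests, each TOTP code can only be used once") describes a property the server has to enforce, not something the app does; by the patch's own step 3 the app displays the same code for a whole 30-second window, so the sentence should say that Castellum rejects a code that has already been accepted, or drop "As the name suggests". Separately, the new item 4 ("The code depends on the current time, so make sure that the phone has the correct time set") is a caveat rather than a step in the "Most TOTP apps work the same:" sequence; move it out of the numbered list into its own paragraph after it (a ``.. note::`` directive would fit the rst), which also makes it easier to find when a user's codes are being rejected.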