Switch language to english
Znuny Professional Services

Der ((OTRS)) Community Edition Fork mit Langzeit-Support (LTS)

Fortify Your Online Defenses With Time-Based One-Time Passwords (TOTP) Security

Using time based one time passwords from an authenticator app to protect your information

One of the most common ways to secure your online accounts is to use a strong and unique password, covered in our last post. Many websites and services offer an additional layer of security: two-factor authentication (2FA), because a password is often not enough. 2FA is a method of verifying your identity by requiring two pieces of information: something you know (your password) and something you have (your phone, for example). One of the most popular and secure forms of 2FA is using time based one time passwords (TOTP) from an authenticator app.

An authenticator app is a software application that generates a random and temporary code (typically) every 30 seconds. An authenticator app on your smartphone, tablet, or computer which is linked (per one-time configuration) to your online account, is needed. This can be done via a user secrect or QA Code. When you log in to the linked website, you will be asked to enter both your password and the code from your authenticator app. This way, even if someone steals your password, they won't be able to access your account without having your device as well.

Some of the benefits of using an authenticator app vs other TOTP generartion methods for 2FA are:

  • It's more convenient than receiving codes via SMS or email, which can be delayed, intercepted, or spoofed.
  • It's more secure than using static codes that can be reused, guessed, or compromised.
  • It works offline, so you don't need an internet connection or cellular service to generate or enter codes.

Get started with Znuny and TOTP 2FA.

The administrator must activate the 2FA for the frontend modules of choice: AuthTwoFactorModule (Agents) or CustomerAuthTwoFactorModule (Customer) or both.

System Configuartion

Other options are available to allow for no secret (2FA as optional) and provide for the use of the most recent token. This latter helps if a token just ran out, before the user could enter it. It allows for the last and current token to be accepted. The user must install the authenticator of choice. Some modern password vaults offer TOTP support like 1Password or LastPass, keeping your password and TOTP in the same simple location. However, in the sense of not keeping all your eggs in one basket, it may still make sense to have a second device for this purpose. Some of the most popular and reliable authenticator apps are Google Authenticator, Microsoft Authenticator, and Authy. Once installed the authenticator app must be configured.

The agent or customer will log in, go to their preferences, and choose to generate or manually enter their secret (16 Characters: Capital A-Z or 0-9).

Example Configuration

Once saved, the second factor is always required for login. Be sure the authenticator application is set up before logging out. This is what an example setup, would look like with the Google Authenticator App.

Enter Secret
Account List

Manually add the secret code as seen in the authenticator application's documentation.

In conclusion, using an authenticator app for 2FA is one of the best ways to protect your information online. By adding an extra layer of security to your password, you can reduce the risk of identity theft, account takeover, and data breaches. Remember to always use a strong and unique password for each account, and keep your authenticator app updated and backed up. Stay safe and secure online with 2FA and an authenticator app!