One Time Password

MAX IV is committed to using Multi Factor Authentication for all external access to anything that is more than purely informational.

Raising the bar

Multi Factor Authentication is adding another piece into the authentication process, one that does not depend on knowing the username and password. Those are often the pieces that a bad actor have managed to obtain via some other source. Using a one-time password is one commonly used technology to achieve 2-factor authentication.

All external access to MAX IV resources requires two-factor authentication via Time-Based One-time Password (TOTP). The one-time password can be distributed via email, SMS or be generated via an application on your mobile phone. Both email and SMS methods have inherent weaknesses and will only be used for the initial setup and registration of a TOTP application. SMS has previously been used extensively at MAX IV, but is being phased out in favor of using a TOTP application for generating the token. After January 15, 2024, SMS will no longer be used for sending out OTP code.

Activating a TOTP application

Using a mobile application to generate the Time-based One-Time Password (TOTP) has many advantages over receiving a SMS message, both from security and practical point of views. There are many OTP applications in the respective mobile phone app stores. Some are also available for desktop use. Pick the one that works best for you. Some examples: Pocket Pass, Authy by Twilio, Google Authenticator, Microsoft Authenticator and many more.

If you rather use a desktop application, that will work too. There are dedicated OTP applications for all operating systems, and most password managers have a feature for OTP generation as well. Just copy and paste the URL for QR code (see next paragraph) to activate the application.

You activate the application for authentication at MAX IV at this URL: MAX IV – TOTP Registration
It is a straight forward 3-step process, just follow the instructions on the web page.

Install the application
Scan the QR-code
Confirm by typing in a generated code
Many fail to complete this last step. It must show the text in green “Security code successfully verified”.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

One Time Password (OTP)

Raising the bar

Activating a TOTP application

MAX IV Social