MAX IV is committed to using Multi Factor Authentication for all external access to anything that is more than purely informational.
Raising the bar
Multi Factor Authentication is adding another piece into the authentication process, one that does not depend on knowing the username and password. Those are often the pieces that a bad actor have managed to obtain via some other source. Using a one-time password is one commonly used technology to achieve 2-factor authentication.
All external access to MAX IV resources requires two-factor authentication via Time-Based One-time Password (TOTP). The one-time password can be distributed via email, SMS or be generated via an application, commonly on your mobile phone, but also available on computers. The SMS/email option is considered weak from a security point and is only used for initial setup.
Activating a TOTP application
There are many OTP applications in the respective mobile phone app stores, chances are that you already use one for other sites. Pick the one that works best for you. Some examples are: Pocket Pass, Authy by Twilio, Google Authenticator, Microsoft Authenticator and many more.
The basic process is
- Install the application
- Login to our Token registration website using your username and a code that is being mailed to you.
- Scan a QR code with your application.
- Verify the registration by typing in a code.
If you rather use a desktop application, that will work too. There are dedicated OTP applications for all operating systems, and most password managers have a feature for OTP generation as well. Instead of scanning the QR code, copy and paste the URI for QR code into the application.
You activate the application for authentication at MAX IV at this URL: MAX IV – TOTP Registration
It is a common mistake to fail to complete the third task.
The registration is not complete until you get the green text at the bottom:
Security code successfully verified.
OTP application is now activated and ready for use.
