One Time Password

MAX IV is committed to using Multi Factor Authentication for all external access to anything that is more than purely informational.

Raising the bar

Multi Factor Authentication is adding another piece into the authentication process, one that does not depend on knowing the username and password. Those are often the pieces that a bad actor have managed to obtain via some other source. Using a one-time password is one commonly used method to achieve 2-factor authentication.

All external access to MAX IV resources requires two-factor authentication via Time-Based One-time Password (TOTP). The one-time password can be distributed via email, SMS or be generated via an application, commonly on your mobile phone, but also available on computers. The SMS/email option is considered weak from a security point and is only used once for initial setup.

Activating a TOTP application

There are many OTP applications in the respective mobile phone app stores, chances are that you already use one for other sites. Pick the one that works best for you. Some examples are: Pocket Pass, Authy by Twilio, Google Authenticator, Microsoft Authenticator and many more.

The basic process is the following – see example in screenshot below

Login to our Token registration website using your username and a code that will be mailed to you.
Install an OTP application – “Pocket Pass” is suggested, but any other will do fine.
Scan a QR code with your application – If you are doing this via the web browser on your phone, it will likely redirect you to the OTP application without show the QR code.
You now have codes generating in your app – but you are not done yet!
Verify the registration by entering a code generated by the app.
Note! The registration is not valid until the verification succeeds!

It is a common mistake to fail to complete the third task.
The registration is not complete until you get the green text at the bottom:

Security code successfully verified.
OTP application is now activated and ready for use.

If you rather use a desktop application, that will work too. There are dedicated OTP applications for all operating systems, and most password managers have a feature for OTP generation as well. Instead of scanning the QR code, copy and paste the URI for QR code into the application.

Again, you activate the OTP application for authentication at MAX IV at this URL: MAX IV – TOTP Registration

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

One Time Password (OTP)

Raising the bar

Activating a TOTP application

MAX IV Social