Multi-factor authentication
Declaration of use
At HTW Berlin, we rely on multi-factor authentication (MFA) to increase security when using our services. A central component of this security measure is the use of one-time passwords (OTP). This procedure has so far been used exclusively for OpenVPN. In future, this will also be extended to other services.
How does it work?
You use a special app on your smartphone or program on your PC/notebook, which regularly generates new, six-digit numeric codes. These one-time codes must be entered together with your HTW user name and HTW password in order to use services such as OpenVPN.
Attention
Once you have set up multi-factor authentication, you can delete the token or set up another one only by using it. If you lose access to the OTP app or delete it, you will no longer be able to set it up again without help.
Why is it safer?
Even if an attacker gains access to your username and password combination, this alone is not enough to gain access to the services. The dynamic one-time codes provide an additional layer of security. However, you should still be careful, use a strong password and remain vigilant, as no system offers absolute protection.
The procedure
In most cases, it is recommended to use an app on your smartphone to generate OTP codes. Alternatively, programs for Windows PCs or macOS are also available. Below you will find some options. If you have already installed an app such as Google Authenticator, you can also use this.
Smartphone:
Windows/macOS/Linux:
- The free password manager "KeePassXC" supports the TOTP method so that OTP codes can also be generated without a smartphone.
Once you have downloaded the relevant app or program, please follow the instructions in our account portal to complete the registration process for multi-factor authentication.
At the end of the process, you will receive a QR code that you can scan with the 2FAS app to generate and verify OTP codes.
If you want to use the KeePassXC program for Windows/macOS/Linux, please proceed as follows:
- Select "I cannot scan the QR code" in the account portal during the registration process.
- Copy the displayed secret key to the clipboard.
- Switch to KeePassXC and navigate via the program menu to "Entries -> New entry".
- Assign a title (e.g. "HTW TOTP") and a user name (e.g. s0000001 or amuster) corresponding to your HTW account.
- Save the entry with "OK".
- In the KeePassXC program menu, go to "Entries" again, select "TOTP" and choose "Set up TOTP...".
- Paste the copied secret key from the account portal into the "Secret key" field and click "OK".
- At the end, the application will generate the OTP codes that you can use to verify and access protected services. You can view the OTP codes by opening the KeePassXC program menu "Entries" again, then click on "TOTP" and select "Show TOTP".
That's it! These one-time codes, regardless of whether they were generated with the smartphone or the PC/macOS, are required together with your HTW username and password to gain access to services such as OpenVPN. Please regularly back up the app or the KeePassXC database and the data stored in it.
Please make sure that the time on your smartphone/PC/notebook is set correctly, otherwise the generated OTPs will not be recognized.
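Why the clock matters, shown as an added example (not HTW Berlin's or KeePassXC's code): the OTP is derived only from the secret key and the current time, so a device whose clock is off computes a code the server does not expect. The sketch assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step) and a server that tolerates one step of drift in either direction; the secret is a constructed sample.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default, an assumption (not stated on this page)
DIGITS = 6   # six-digit codes, as described on this page

def totp(secret_b32: str, unix_time: float) -> str:
    """Compute the RFC 6238 TOTP (HMAC-SHA1) for a Base32 secret key."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)              # restore stripped Base32 padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def server_accepts(secret_b32: str, code: str, server_time: float,
                   window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (assumed policy)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )

# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
# Never reuse a published secret for a real account.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def clock_skew_demo(server_time: float, skews=(0, 30, 150)) -> list:
    """Return, per device clock error in seconds, whether the server accepts the code."""
    return [
        server_accepts(SAMPLE_SECRET, totp(SAMPLE_SECRET, server_time + s), server_time)
        for s in skews
    ]

if __name__ == "__main__":
    # Device clock exact, 30 s fast, and 150 s fast, checked against server time 59.
    print(clock_skew_demo(59))
```
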
Important: Backup/emergency solution
It is strongly recommended to generate paper tokens as a backup/emergency solution. These can be used as an OTP code if you no longer have access to your app/PC, for example in the event of device loss or if the previous device is deleted. With the paper tokens, you also have the option of deleting your existing OTP usage and setting it up again in order to integrate a new smartphone or device into the process.
To create your paper tokens, please go to the Accountservice and click on "Create paper tokens".
Problems
If you lose access to your MFA app or the token and do not have any paper tokens, please contact the IT-Helpcenter.