Research Center for Advanced Computing Infrastructure: One Time Password

Overview

One-time passwords (OTP) are six-digit numeric passwords generated by a combination of a secret key and a time. The OTP generated at the same time will have the same value regardless of which application is used.
It is possible to use an OTP generated on a mobile device when logging in on a PC.

In order to use OTP, you need to register your authentication device in advance.
Please prepare an OTP client application that supports RFC6238 (TOTP: Time-Based One-Time Password Algorithm) and register it from the following URL for registration. For more information, please refer to the "OTP authentication device registration procedure".

Be careful not to let others know the "encoding value of the private key" of your one-time password.
If it is known to others, please reacquire (delete and register) it.

How to set up One-Time Password (OTP) using postcard

One Time Password (OTP) URL for device registration

Access one of the following URLs that meet the required authentication conditions and register the TOTP authentication device (client).

　Registration from the campus network (including VPN connection)
　　 https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegTOTPwithCampus

　Registration from off-campus network
　1．FIDO2 authentication
　　　　https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegTOTPwithFIDO2
　2．Password and certificate (Applied for issuance before 8/25/2023 16:00) authentication
　　　　https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegTOTPwithCert
　3．Password and certificate (Applied for issuance after 8/25/2023 16:00) authentication
　　　　https://auth.jaist.ac.jp/sso/XUI/#login/&service=RegTOTPwithCert2023

One Time Password recovery code

<Notice>
This is a new feature after the Feb. 2021 update.
The recovery code is not set for those who have already registered their one-time authentication device before the system update.

On the registration status confirmation screen, select the symbol with three vertical dots similar to ":" on the upper right of the authentication element to be deleted, and click "Recovery code".

Copy the recovery code displayed and keep it in a safe place.

You can authenticate using a recovery code instead of the 6-digit number of the one-time password when you want to authenticate temporarily, such as when the device you normally used cannot be used.

Initially there are 10 lines (10 recovery codes), but they will decrease with each use.

Deregister authentication factor

On the registration confirmation screen, select the symbol with three vertical dots similar to ":" on the upper right of the authentication element to be deleted, and click "Delete".

[Notice]
When you have only one authentication factor registered, you will not be able to access the system from off-campus if you delete the authentication factor. Please make sure that another authentication factor are registered before deleting the authentication factor.

Exporting Secret Key for OTP

When you are replacing the PC/smart phone that was being used as an OTP device or you want to set up an environment to generate OTP multiple devices, please refer to the following page for OTP migration.
Exporting One Time Passwords (OTP)