menu

One Time Password

About 2-step Authentication(One Time Password)

  • Why 2-step Authentication (Login Password and One Time Password) is necessary? Recently, so many password leakages have happened all over the world, which led to information leakage. JAIST provides users with email and other services through a user account and password authentication, which might have occurred information leakage by password leakage (one step authentication). In order to prevent information leakage caused by password leakage, JAIST introduced 2-step Authentication for the services used outside campus.
  • What is 2-step Authentication? "2-step Authentication" means one more checking function in addition to authentication by a user account and its corresponding password. JAIST executes time-based one time password (6 digits, generated every 30 seconds).
  • Reference (provided by IPA, Information-Technology Promotion Agency, only in Japanese)
    不正ログイン対策特集ページ(IPA 情報処理推進機構) ("Countermeasures for unauthorized login")
    不正ログイン対策のための「2段階認証」設定手順書(IPA 情報処理推進機構) ("2-step Authentication setting procedure manual to take measure against unauthorized login")

The Process of Setting up 2-step Authentication (Login Password and One-Time Password)

1. The initial step is to obtain the secret encoded key to use for setting up the 2-step authentication. 

It is an operation to get (register) "seed" (secret encoded key) for generating a one time password. This is possible only from the campus LAN.
Please be careful not to let others know this "seed".
If others know it, please get new seed (re-register).

2. The second step is to set up the 2-step authentication system so as to obtain the one time password.

Configure the application settings for generating a one-time password using the "seed" got in step 1.
Please select an app according to your device.

  • App for Mobile device(iOS and Android):
                             Microsoft Authenticator
                             Google Authenticator.
                             You can choose to use either, the functionality is the same.

  • App for Windows: WinAuth
  • App for macOS: OTP Manager

For any app, the one-time password generated at the same time is the same value.
Therefore, it is possible to use one-time password generation on a mobile terminal and access to WEB mail on a Windows machine.

3. The final step is logging into the JAIST-SSO System

When using a service that requires a one-time password (such as web mail), enter the 6-digit number displayed in the one-time password generation app in step 2.

Step 1. Initial Setting to Obtain the Secret Encoded Key

  1. Obtaining the encoded key
    • In order to obtain the encoded key value for the two-step verification, open the following webpage on the terminal where the application for two-step verification code is installed. Log-in using JAIST user credentials. In addition to desktop terminals like Windows/Mac, you can also use on android and iOS. The system can only be used inside JAIST campus network, (including from the VPN connection)
      https://otp.jaist.ac.jp/
    • If you are guest users such as graduates, please see here before accessing 2-step verification registration system.
    • After log-in, register for OTP to acquire an encoded private key. Please click the button labelled "OTP REGISTRATION"
    • When the OTP is registered, the encoded value of the private key is displayed. Since this encoded value will be used by the application of two-step authentication later, please copy it to the clipboard or temporarily save it.
      When you press the "copy to clipboard" button, the encoding value of the private key is automatically copied to the clipboard.
    • ※For iOS prior to version 8, the copy to the clipboard function can't be used. In this case, copy the encoded value of the displayed private key another way.
  1. Deleting private key
    • In case it is not possible to continue using two-step verification, as in the cases of a terminal failure, application deletion or the key getting revealed to a third party, it is possible to re-generate the private key.
    • In order to generate a new private key, it is necessary to delete the private key currently in use. Press the "OTP registration cancellation" button to release the encoding value of the current private key. Then, proceed to step 1 to re-generate the encrypted private key.

Step 2 (iOS case 1): Setting up 2-step authentication using Microsoft Authenticator

  • Find and install「Microsoft Authenticator」from the App Store.
    • Please skip the initialization wizard and choose "Add account".
    • Select「Other

 

 

    • Enter your JAIST user account name in "Account" and the encoded secret key value in "Key".
    • The set up is complete when the following screen is displayed.  A numerical value will be displayed as the one-time password.  It will automatically be updated periodically.
    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.

Step 2 (iOS case 2): Setting up 2-step authentication using Google Authenticator


  • Find "Google Authenticator" on the App Store and install the application.

 

 

 

    • Open the application and choose "Begin Setting" at the bottom of the screen then select "Manual entry".

 

 

 

    • Enter your user account name (JAIST account) in "Account" and the encoded value of the secret key in "Key".

 

 

 

    • The setup is complete when the following screen is displayed.  A numerical value will be displayed as the one-time password. It will automatically be updated periodically.
    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.

Step 2 (Android case 1): Setting up 2-step authentication using Microsoft Authenticator

    • Install「Microsoft Authenticator」from Google Play
    • Open the application and start the setting.
    • Select 「Other Account
    • Enter your JAIST user account name in "Account" and the encoded secret key value in "Key".
    • The set up is complete when the following screen is displayed.  A numerical value will be displayed as the one-time password. It will automatically be updated periodically.
    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.
    • Later, you only need to open the authentication application and the one-time password will be displayed.

Step 2 (Android case 2): Setting up 2-step authentication using Google Authenticator

  1. Using Google Authenticator
  • Find (download) and install「Google Authenticator」from Google Play.
    • Open the application, select begin to configure the application.
    • Please select "enter a provided key"
    • Please enter your user account in "Account Name" and enter the encoded key value of secret key in "Key", (JAIST account , not Google).
    • The setup is complete when the following screen is displayed.  A numerical value will be displayed as the one time password.  It will automatically be updated periodically.

 

 

 

    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.

 

 

 

Step 2 (Windows): Setting up 2-step authentication

    • After downloading, please Accept and run WinAuth (No installation is required). Once its running, to register for Authentication, click on the "Add" button and select "Authenticator".
    • The Add Authenticator screen will appear.
    • Name:It is used to distinguish the from other added certifying accounts. Please enter any arbitrary name.
    • Next, Please enter the encoded the secret key value you have obtained from the top steps.
    • For the authentication method, please select「Time-based」.
    • Then click OK.
    • Next, set up password for starting WinAuth.Be sure to check「Protect with my own password」and enter the password you would like to use then click OK.
    • This completes the initial setup for WinAuth.

Displaying the One-Time Password

    • Open WinAuth and enter the password you set up.
    • Once you log in, click on the round arrow mark on the right corner of the screen will display the One-Time Password (6 digit number).

Step 2 (macOS): Setting up 2-step authentication

  • Search「OTP Manager」from the App Store and install it.
  • Open the「OTP Manager」and select「Add your first account」.
  •   Finish setting the three parameters below。
  1. Issuer:any(for instance, JAIST, etc.)
  2. Username:any name(for instance, your username, etc.)
  3. OTP Secret:encoded value of the secret key obtained from Setp 1.
  • Once you save the settings, it will display One Time Password (6 digit number) as shown in the figure.
  • Next time, whenever you open the OTP Manager」, the One Time Password will be automatically generated.

Step 3. Logging into JAIST-SSO (Using the Login Password and One Time Password)

    • When you access Webmail, this screen will be displayed.First enter your JAIST account to log in.
    • Next, you will be redirected to the One-Time Password Screen.Please launch your two-step authentication application as above (WinAuth or Google authentication application).
    • Obtain the one-time password (passwords have a time limit) and enter into the browser form within that time limit.