menu

One Time Password

二段階認証(ワンタイムパスワード)について

  • 二段階認証の必要性
    昨今パスワードの漏洩が多発する事例が様々なところで発生し、それにより情報漏洩する事例が多く見受けられます。
    JAISTでは、ユーザアカウントとパスワードの認証(一段階認証)で利用者の電子メールや各種サービスが利用可能となっており、
    パスワード漏洩による情報漏洩が発生する可能性があります。
    したがって、パスワードの漏洩による情報漏洩を防ぐため、学外から利用可能なサービスについては二段階認証を行います。
  • 二段階認証とは
    ユーザアカウントとパスワードでの認証にさらにもう一段階チェック機能を追加する機能のことを指します。
    JAISTでは、時間ベースのワンタイムパスワード(TOTP)による二段階認証を用います。(6桁の数字、30秒ごとに新しいものが生成)
  • 参考ページ
    不正ログイン対策特集ページ(IPA 情報処理推進機構)
    不正ログイン対策のための「2段階認証」設定手順書(IPA 情報処理推進機構)

The Process of Setting up 2-step Authentication (Login Password and One-Time Password)

1. The initial step is to obtain the secret encoded key to use for setting up the 2-step authentication. 

2. The second step is to set up the 2-step authentication system so as to obtain the one-time password.

For mobile device users (iOS and Android), there are two options available:

  • Microsoft Authenticator
  • Google Authenticator.

You can choose to use either, the functionality is the same. 

If you want to use your Windows Computer to obtain the one-time password, you can use:

  • WinAuth

If you want to use your macOS Computer to obtain the one-time password, you can use:

  • OTP Manager

3. The final step is logging into the JAIST-SSO System

Step 1. Initial Setting to Obtain the Secret Encoded Key

  1. Obtaining the encoded key
    • In order to obtain the encoded key value for the two-step verification, open the following webpage on the terminal where the application for two-step verification code is installed. Log-in using JAIST user credentials. In addition to desktop terminals like Windows/Mac, you can also use on android and iOS. The system can only be used inside JAIST campus network, (including from the VPN connection)
      https://otp.jaist.ac.jp/
    • If you are guest users such as graduates, please see here before accessing 2-step verification registration system.
    • After log-in, register for OTP to acquire an encoded private key. Please click the button labelled "OTP REGISTRATION"
    • When the OTP is registered, the encoded value of the private key is displayed. Since this encoded value will be used by the application of two-step authentication later, please copy it to the clipboard or temporarily save it.
      When you press the "copy to clipboard" button, the encoding value of the private key is automatically copied to the clipboard.
    • ※For iOS prior to version 8, the copy to the clipboard function can't be used. In this case, copy the encoded value of the displayed private key another way.
  1. Deleting private key
    • In case it is not possible to continue using two-step verification, as in the cases of a terminal failure, application deletion or the key getting revealed to a third party, it is possible to re-generate the private key.
    • In order to generate a new private key, it is necessary to delete the private key currently in use. Press the "OTP registration cancellation" button to release the encoding value of the current private key. Then, proceed to step 1 to re-generate the encrypted private key.

Step 2 (iOS case 1): Setting up 2-step authentication using Microsoft Authenticator

  • Find and install「Microsoft Authenticator」from the App Store.
    • Please skip the initialization wizard and choose "Add account".
    • Select「Other

 

 

    • Enter your JAIST user account name in "Account" and the encoded secret key value in "Key".
    • The set up is complete when the following screen is displayed.  A numerical value will be displayed as the one-time password.  It will automatically be updated periodically.
    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.

Step 2 (iOS case 2): Setting up 2-step authentication using Google Authenticator


  • Find "Google Authenticator" on the App Store and install the application.

 

 

 

    • Open the application and choose "Begin Setting" at the bottom of the screen then select "Manual entry".

 

 

 

    • Enter your user account name (JAIST account) in "Account" and the encoded value of the secret key in "Key".

 

 

 

    • The setup is complete when the following screen is displayed.  A numerical value will be displayed as the one-time password. It will automatically be updated periodically.
    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.

Step 2 (Android case 1): Setting up 2-step authentication using Microsoft Authenticator

    • Install「Microsoft Authenticator」from Google Play
    • Open the application and start the setting.
    • Select 「Other Account
    • Enter your JAIST user account name in "Account" and the encoded secret key value in "Key".
    • The set up is complete when the following screen is displayed.  A numerical value will be displayed as the one-time password. It will automatically be updated periodically.
    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.
    • Later, you only need to open the authentication application and the one-time password will be displayed.

Step 2 (Android case 2): Setting up 2-step authentication using Google Authenticator

  1. Using Google Authenticator
  • Find (download) and install「Google Authenticator」from Google Play.
    • Open the application, select begin to configure the application.
    • Please select "enter a provided key"
    • Please enter your user account in "Account Name" and enter the encoded key value of secret key in "Key", (JAIST account , not Google).
    • The setup is complete when the following screen is displayed.  A numerical value will be displayed as the one-time password.  It will automatically be updated periodically.

 

 

 

    • Afterwards, whenever the application is started, the authentication system and the one-time password will be displayed.

 

 

 

Step 2 (Windows): Setting up 2-step authentication

    • After downloading, please Accept and run WinAuth (No installation is required). Once its running, to register for Authentication, click on the "Add" button and select "Authenticator".
    • The Add Authenticator screen will appear.
    • Name:It is used to distinguish the from other added certifying accounts. Please enter any arbitrary name.
    • Next, Please enter the encoded the secret key value you have obtained from the top steps.
    • For the authentication method, please select「Time-based」.
    • Then click OK.
    • Next, set up password for starting WinAuth.Be sure to check「Protect with my own password」and enter the password you would like to use then click OK.
    • This completes the initial setup for WinAuth.

Displaying the One-Time Password

    • Open WinAuth and enter the password you set up.
    • Once you log in, click on the round arrow mark on the right corner of the screen will display the One-Time Password (6 digit number).

Step 2 (macOS): Setting up 2-step authentication

In preparation

Step 3. Logging into JAIST-SSO (Using the Login Password and One-Time Password)

    • When you access Webmail, this screen will be displayed.First enter your JAIST account to log in.
    • Next, you will be redirected to the One-Time Password Screen.Please launch your two-step authentication application as above (WinAuth or Google authentication application).
    • Obtain the one-time password (passwords have a time limit) and enter into the browser form within that time limit.