Návody FIT
Jdi na navigaci

Time-based one-time password (TOTP)

Application

KeePassXC
Install using https://keepassxc.org/download/
Microsoft Authenticator
Mobile application Microsoft Authenticator shows one-time password after an account selection.
KeePassXC

*

Common

  1. Go to mysignins.microsoft.com/security-info and add a new method.

    mfa0

  2. Select the Microsoft Authenticator option.

    mfa1

  3. Choose to use a different application.

    mfa2

  4. Set up the account.

    mfa3

  5. If you’re using desktop version, select that you cannot scan a QR code.

    mfa4

  6. Copy the provided code.

    mfa5

  7. Paste the code into the application.

    KeePassXC
    mfa6

In the account settings (Step 1), the setup will result in:

mfa8

TOTP login with FIDO registered

In case the user registered simultaneosly TOTP and FIDO2 as their MFA method, login flow is a little different and tries to load FIDO2 hardware token regardless of user’s momentary preference. In such case, login flow has a few extra steps described below.

  1. After initiating login flow, the user is asked to provide their CTU login in the format of username@cvut.cz and their CTU password.

    totp with fido 01

  2. Upon entering, confirm cvut.cz as trusted domain – Continue

    totp with fido 02

  3. When requested to insert FIDO2 hardware token or asked for a PIN, select Cancel. This step might be slightly different depending on the browser or operating system.

    totp with fido 03

  4. When confronted with failed login page, select Sign in another way.

    totp with fido 04

  5. Choose Use a verification code.

    totp with fido 05

  6. Enter time-based one-time password (TOTP) generated by previously paired app and press Verify.

    totp with fido 06