Two-factor authentication
Why 2FA?
Two-factor authentication describes authentication with an additional feature alongside the traditional user name and password. This prevents unauthorized third parties from gaining access to BTU data or functions if they have gained knowledge of personal access data in a criminal manner (e.g. through phishing). With 2FA, after entering the user name and password on an additional authentication page, an additional, individual one-time password that is only valid for a short time is requested. This can be created using a token generator app or a hardware token,
which ensures that the person logging in is in possession of a specific device.
The authentication page on which you must enter the generated one-time password (called "token" here) looks like this:
Which Authenticator app should I use?
There are a number of authenticator apps available in the manufacturers' app stores. In addition, many password managers, e.g. KeepassXC or Bitwarden, also support the integration of 2FA tokens.
If you are not yet using an app for other 2FA purposes, you can install one of the following apps, for example, which are suitable for logging in to BTU and many other websites:
- Android: Aegis Authenticator, Free OTP+, Authenticator Pro
- Android and iOS: 2FA Authenticator, TOTP Authenticator
I am a new employee/new student and have not yet activated my BTU account.
First decide on a variant of 2FA. If you want to use an authenticator app, install it from the relevant app store and you can get started straight away. If you need a hardware token, please contact the BTU helpdesk during telephone hours (Mon-Fri 8-15) or by email. A hardware token can be issued there.
Employees activate their BTU account via the web portal: https://www.b-tu.de/account/m-activate
You will need your BTU pin and an activation code. You will receive your personal activation data from the Human Resources Department - with the terms of use for the BTU account. Please note the information on the accompanying material regarding the earliest possible set-up time.
Students activate their BTU account via the web portal: https://www.b-tu.de/account/s-activate
They need their matriculation number and an activation code for this.
They receive their personal activation data from the Admissions & Registrar`s Office with the terms of use for the BTU account. Please note the information on the accompanying material for the earliest possible setup time.
Your BTU account has already been created for you. You will now be asked to choose a secure
password.
You will now be taken to the 2FA Authenticator selection screen.
For two-factor authentication at the central web services of the BTU, you must now select the method for generating one-time passwords. You can between the software solution (see: Which authenticator app should I use?) or the hardware token.
If you have opted for the software solution, scan the QR code with your smartphone.
You will now be prompted to generate a new one-time password with your app.
If you have a hardware token, enter the serial number. Only tokens issued by the BTU for your employees can be used.
You will now be asked to generate a one-time password to verify that everything is working correctly.
The 2FA setup is now confirmed.
A page with emergency codes and a QR code is displayed once. You can scan this QR code with your Authenticator app if you prefer to use your smartphone to generate one-time passwords instead of the hardware token.
Remember your emergency codes well - save them in your password manager, for example. An emergency code can be used as a replacement for a one-time password, for example if you need to set up a new authenticator. Like the token-generated one-time passwords, each emergency code is only valid once!
Print out this page and keep it in a safe place where only you can access it!
If you now click on "Next", you will see all the information about your BTU account, such as user
name (login), password validity, e-mail addresses and 2FA device.
Your BTU account is now activated and 2FA is set up.
My BTU account is already activated, how do I set up 2FA?
Log in to the BTU account web portal: https://www.b-tu.de/account/ and select "Manage 2FA token".
For two-factor authentication, you must now select a method for generating one-time passwords.
You can choose between the software solution (see: Which authenticator app should I use?) or the
hardware token.
If you have a hardware token, enter the serial number (back of the device) here.If you would like to use software, please leave the field blank and continue.
Now scan the QR code with your chosen app and then generate a one-time password to check that it works correctly.
The six-digit one-time password is only valid for a short time (30 seconds). If the one-time
password disappears before you can enter it, you must generate a new one.
If you want to use a smartphone app to generate one-time passwords in addition to the hardware token, install a suitable app and scan the QR code. Then generate a one-time password for verification and continue .
Confirmation of the 2FA setup
A page with emergency codes, a link to a test page and a QR code is displayed once. You can scan this QR code with your Authenticator app on your smartphone if you prefer to use your smartphone to generate one-time passwords instead of the hardware token.
Remember your emergency codes well - save them in your password manager, for example. An emergency code can be used as a replacement for a one-time password, for example if you need to set up a new authenticator. Like the token-generated one-time passwords, each emergency code is only valid once!
Note: Do not click on the "Delete assignment" link, as this will delete the registration you have just set up for your hardware token.
Print out this page and keep it in a safe place that is only accessible to you!
What happens if the password-generating device is lost?
If you lose your hardware token or smartphone, you must report this immediately in the User Services area or to it-support(at)b-tu.de so that the assignment of your BTU account to these devices can be canceled. If you have your emergency codes or your alternative password-generating device (smartphone or hardware token) to hand, you can and should lock your devices in your BTU account yourself before reporting the loss.
Click on "Delete assignment" under "Manage 2FA token" in your BTU account:
Note: Deleting the assignment will result in the loss of access to your account and all 2FA-protected services.
After deleting the assignment, the IT service will add a new assignment and store a new token.
Please contact the user services area or it-support(at)b- tu.de or come to VG1C during service hours.
Hardware token
A hardware token can issued if required. Please contact User Services at IT Services. You can obtain a token there during hotline hours.
Ideally, we recommend that you arrange a collection time slot in advance. (by email: it-support(at)b-tu.de or phone: 0355 69 1000)
You can use the hardware token as a key fob and always carry it with you. Incidentally, the same applies to security tokens as to house keys: Never write your address or name on the key!
Pressing the gray button generates the aforementioned one-time password, which is valid for a maximum of 30 seconds - the small vertical bar to the left of the password informs you when the validity period has expired.
Contact person
- Technical questions, e.g. regarding setup: User services or helpdesk
(T: 69-1000; Mail: it-support(at)b-tu.de)