TOTP Authenticator-App

TOTP (Time-based One-Time Password) is an open authentication protocol that generates time-based one-time passwords and is supported by all major authentication apps.

Using the TOTP protocol, authentication apps generate a six-digit one-time code every 30 seconds, even without an internet connection. This code can then be used as login confirmation for multi-factor authentication.

Supported applications:

Common authentication apps for smartphones (e.g., Google Authenticator, FreeOTP, Aegis)
Authentication applications as desktop installations (e.g., Proton) or password managers with TOTP integration (e.g., KeePassXC)

We recommend: In addition to the authenticator app on your smartphone, set up a second authenticator application on another device (e.g., a PC) as a backup and link both to your university account. This way, you retain access to university services even if you lose one device.

If this is your first MFA method, the Windows Hello for Business setup wizard will appear the next business day when you log in for the first time. Please follow the instructions and configure your preferred method (fingerprint, facial recognition).

A PIN must always be set up. If you want to set it up later, skip the setup wizard. To set up Windows Hello for Business yourself at any time, follow the Windows Hello for Business instructions.

If you do not yet have a TOTP-enabled authentication app or application installed on your device, please do so before proceeding with setting up this MFA method for your university account. You can use any TOTP-enabled authentication application as a smartphone app or desktop installation:

Authenticator Apps for Smartphones (Recommended):

Google Authenticator (Android, IOS)
- If you are already using the app for Citrix, you do not need to reinstall it; you can simply add a new entry in the same app – follow the instructions below.
Free OTP (Android, IOS)
2FAS (Android, IOS)
Aegis (Android)

Authenticator applications as desktop installations:

Proton Authenticator (Windows, MacOS) (RECOMMENDED)
Otpkey (Windows, MacOS)

Desktop password manager with integrated authenticator:

KeePassXC (Windows, macOS, Linux)

The installation, setup, and use of each authentication application can vary. The following instructions assume you have already installed and configured an app.

Setting up the TOTP app on your smartphone

This guide describes how to link a TOTP-enabled authentication app for your smartphone (recommended) to your Microsoft account. The specific setup of the authentication app or application itself depends on the provider and is not explained in detail here.

Open https://aka.ms/mysecurityinfo.
Click "+ Add sign-in method".
Select "Authenticator app" → "Other authenticator app".
Scan the displayed QR code with your installed authenticator app.
Enter the security code generated by the app for verification.

Afterward, you can use the one-time codes generated by the authenticator app as a second factor for logins.

Sign in at https://aka.ms/mysecurityinfo. You should be located under "Security Info" in the left-hand navigation.
Click "Add Sign-In Method".

[Translate to Englisch:] Anmeldemethode hinzufügen

3. A window will open with login methods.

Select "Microsoft Authenticator" from the list of methods.

[Translate to Englisch:] Authenticator App auswählen

4. In the following dialog, click on "I want to use a different authenticator app".

[Translate to Englisch:] Andere Authenticator App hinzufügen

5. Open your TOTP authenticator app on your device and add a new account within the app.

Then, click "Next" in the Microsoft portal.

[Translate to Englisch:] Konto hinzufügen

6.A QR code will now be displayed on your PC.

7.Scan the displayed QR code* with the TOTP app.

8. If the QR code has been successfully imported into your app, please click "Next" on your PC.

*Note: When setting up a TOTP app for the first time, you may receive a prompt asking if the app should access your camera. You must select "Allow".

[Translate to Englisch:] Microsoft Portal Übersicht Anmeldemethoden TOTP (blurred)

9. You will now be asked to enter a 6-digit security code from your app using the QR code you just imported.

You must do this to initially confirm the connection.

10. Confirm by clicking "Next".

If the security code matches, you will receive a message: "Authenticator app successfully
added".

[Translate to Englisch:] TOTP Bestätigen

11. Your TOTP app has been successfully registered.

You will now see it in your security information overview and can use the linked app as a second factor for logins.

[Translate to Englisch:] Anmeldemethoden Übersicht TOTP

Log in using the TOTP app on your smartphone

When logging into IT services, you will be asked for your username (format: ZIM-ID@ads.uni-passau.de) and password, as before.

You will then be prompted to enter a 6-digit code for verification. Enter the code from the linked app and the associated account. The process for displaying the code may vary depending on the authenticator app used.

If the code matches, you will be logged in.

[Translate to Englisch:] TOTP Code abrufen und eingeben

1. When logging into IT services, you will be asked for your username and password. In the first window, enter your username (format: ZIM-Kennung@ads.uni-passau.de) and in the following window, enter your password.

[Translate to Englisch:] Benutzernamen eingeben

[Translate to Englisch:] Passwort eingeben

2. After successfully entering your username and password, a window will appear allowing you to select a second factor for identity verification.

Select "Use a verification code" here.

[Translate to Englisch:] Sicherheitscode als Anmeldemethode auswählen

3. You will then be prompted to enter a 6-digit code for verification. Enter the code from your linked app and associated account.

The process for displaying the code may vary depending on the authenticator app you are using.

Then click"Verify" If the code matches, you will be logged in.

[Translate to Englisch:] TOTP Code abrufen

Setting up the TOTP desktop application

This guide describes how to set up a desktop authenticator app with your Microsoft account. The recommended Proton Authenticator application is used in this guide.

Step 1: Open security information

Open Security Info https://aka.ms/mysecurityinfo in your Microsoft account and click "Add a sign-in method".

Step 2: Select your sign-in method

Select "Microsoft Authenticator" as the new method.

Step 3: Choose a different app

Click on "Set up a different app for authentication".

Step 4: Click Next

Click "Next" to continue.

Step 5: QR code appears

Instead of scanning the QR code, select below: “Can’t scan the QR code?”.

Step 6: Copy Secret Key and Account Name

Copy:

Account Name
Secret Key

Then click "Next".

Step 7: Open Proton Authenticator

In Proton Authenticator, click "Add".

Step 8: Paste the copied information

Please fill in:

Title: Account name
Secret: Secret key
Issuer: Uni Passau

Then select "Save code".

Step 9: Copy the code

Click on the large code displayed.

It will be automatically copied to the clipboard (the text "One-time code copied" will appear).

Step 10: Enter the code

Paste the code into the Microsoft field and click "Next".

Step 11: Setup Complete

The authenticator app has been successfully added.
Click "Done" to complete the process.

Step 1:

Open your security information page at https://aka.ms/mysecurityinfo and click "Add login method" to set up a new method.

[Translate to Englisch:] Sicherheitsinformationen Öffnen

Step 2:

Next, select "Microsoft Authenticator" as your new login method to continue.

[Translate to Englisch:] Anmeldemethode auswählen

Step 3:

Next, click on “Set up a different app for authentication” to use an alternative authenticator app.

[Translate to Englisch:] Andere App für Authentifizierung einrichten

Step 4:

Confirm the next step by clicking "Next" to continue with the setup.

[Translate to Englisch:] Fortfahren mit Weiter

Step 5:

When the QR code is displayed, click on “Can’t scan the QR code?” below instead of scanning the code.

[Translate to Englisch:] Auswählren Can't scan the QR Code

Step 6:

Now copy both the account name and the secret key from the displayed information and then click "Next".

[Translate to Englisch:] Schlüssel und Kontoname kopieren

Step 7:

Open the Proton Authenticator on your smartphone and tap "Add" to add a new account.

Step 8:

Paste the copied data by entering the account name in the "Title" field, the secret key in the "Secret" field, and specifying Uni Passau as the "Issuer" before tapping "Save code".

[Translate to Englisch:] Einfügen der kopierten Informationen

Step 9:

Then tap the large displayed code so that it is automatically copied to the clipboard and the message "One-time code copied" appears.

[Translate to Englisch:] Auf den großen angezeigten Code klicken

Step 10:

Now paste this code into the appropriate input field on the Microsoft page and click "Next".

[Translate to Englisch:] Code in das Micorsoft Feld eingeben dann auf Weiter

Step 11:

Once the code has been accepted, the new authenticator app is successfully set up, and you can complete the process by clicking "Done".

[Translate to Englisch:] Einrichtung abgeschlossen

Log in with the TOTP desktop application

Step 1: Enter your email address

When logging into IT services, you will still be asked for your username (format: ZIM-Kennung@ads.uni-passau.de) and password.

Next, you'll be prompted to enter a 6-digit code for verification. Enter the code from your linked app and associated account. The process for displaying the code may vary depending on the authenticator app you're using.

If the code matches, you'll be logged in.

Enter your University of Passau email address and click "Next".

Step 2: Enter password

Enter your password and click "Log in".

Step 3: Select alternative MFA

Click on “I can’t use my Microsoft Authenticator app right now”.

Step 4: Select verification method

Select "Use a verification code".

Step 5: Retrieve code in Proton Authenticator

Open the "Proton Authenticator", select your university account and copy the displayed code.

Step 6: Enter code and confirm

Paste the code into the input field and click "Verify" to complete the registration.

Step 1:

Enter your Uni-Passau email address in the field and click "Next" to proceed to the password prompt.

[Translate to Englisch:] Anmeldefenster Desktop App

Step 2:

Enter your password and then press "Log in" to continue the login process.

[Translate to Englisch:] Fenster Passwort Eingabe

Step 3:

When the MFA prompt appears, select "I can't use my Microsoft Authenticator app right now" to use an alternative verification method.

[Translate to Englisch:] Alternative Anmeldung wählen

Step 4:

In the list of available methods, click "Use a verification code" to enter a code from another authenticator app.

[Translate to Englisch:] Verwenden eines Prüfcode

Step 5:

Now open the Proton Authenticator on your computer, select your university account there and copy the displayed six-digit code.

[Translate to Englisch:] Kopieren des Codes

Step 6:

Enter the code on the login page and click "Verify" to successfully complete your registration.

[Translate to Englisch:] Code eingeben und Überprüfen wählen