TOTP can be activated for your ECMWF user using the following steps.

These steps can also be used to set up new TOTP devices.

1
  • Go to https://www.ecmwf.int
  • You must be logged in to manage your TOTP token so
    • If you are not logged in do click on "Log In" and continue to the next step
    • If you are already logged in then please skip to step 3

2
  • Login with your ECMWF user name or email address and password

3
  • Click on your name where the "Log In" link was previously; a dropdown menu appears
  • Select Account

4
  • Click on the Change password/TOTP tab

5
  • Under "Two Factor Authentication" click on Set up OTP
  • You will be asked to login again

6
  • Login with your username and password as in step 2 above


If you have already activated TOTP and are following these instructions to set up a new TOTP device or to view your account settings then you will also be prompted to enter a 6-digit code from one of your already configured TOTP devices.

7
  • Configure your OTP using your preferred Application ( Microsoft, FreeOTP, Google )
    • With a smartphone app such as Google authenticator you have an option to scan the QR code
    • Enter the 6-digit code displayed on your smartphone into the One-time code box
    • Enter a Device name so you can remember which device this belongs to.
      • In the example, the user has used "MySmartPhone"
    • Click on Submit
    • The Device is now set up and ready to use for accessing the relevant ECMWF services and applications. No further testing is needed.

8
  • Your configured TOTP devices now show
  • You can add additional devices at any time
  • You can remove a device by clicking on the Remove button

What if I cannot scan the QR code ?


  • If you cannot scan the QR code then click on the "Unable to scan" link

This is also how you can set up  TOTP to work with the  oathtool command line application on Linux

  • A 32-digit code is displayed
    • Enter this code into your device
    • Your device will display a 6-digit code
    • Enter the 6-digit code displayed on your device into the One-time code box
    • Enter a Device name so you can remember which device this belongs to.
      • In the example, the user has used "MyLaptop"
    • Click on Submit
    • The Device is now set up and ready to use for accessing the relevant ECMWF services and applications. No further testing is needed.

  • Your configured TOTP devices now shown
    • In this example, the user now has two devices configured
  • You can add additional devices at any time
  • You can remove a device by clicking on the Remove button


8 Comments

  1. You can also use the Mac's native iCloud keychain.
    This means that you can use the fingerprint to automatically add the one-time verification code in the password box, without copying the code from elsewhere.
    How to activate:

    • Scan the QR code with iPhone's standard "Camera" app.
      Then you get prompted to add the verification code to existing iCloud keychain.
      OR
      'control+click' on the QR code and choose "Set Up Verification Code" to same effect.
    • There were 2 options given for me for user-name: <userid> or <email>.
      Make sure to choose <email> as with <userid> it didn't work.

    That's all.

    1. Thank you, Willem! This is extremely convenient.

      In my environment (where iCloud is not set-up yet), "'control+click' on the QR code" worked on Safari but not on Chrome nor Firefox.

      Also, after  choosing "Set Up Verification Code", I was prompted to choose an account to which the OTP is to be associated and I chose my ECMWF address on microsoftonline.com.

      Once set-up, I can now get the one-time password anytime by opening Safari, "Cmd+," to open the setting panel, then navigating to "Passwords" pane.

      There we can see "Verification code" and hovering mouse pointer on the 6 digits right next to it, we can right-click on it to "Copy the Verification Code" to the clipboard.

    2. Ahah just came back here to post the same thing. It's definitely the most convenient way (if you use Safari)! (smile)

    3. Great! in deed, open Safari to get this menu (smile)

    4. If your password are synchronised with across your Apple devices, just scan the QR code with your iPhone camera. This will do the same thing.

    5. Thanks for sharing Willem Deconinck This is way more convenient than typing numbers from a phone to a laptop. Paul Dando Would it be possible to put this option in the instructions? I have seen it only once I finished to follow the other instructions.  

  2. Paul Dando: very clear instructions, thanks!

    Perhaps it would make sense to add a sentence at the end the says that "The activated TOTP app is ready be used to authenticate the users when accessing the relevant ECMWF services/applications" to make it clear that the process is successful and no futher "testing" is required. Perhaps even point to this page: TOTP: Status of services using TOTP at ECMWF

  3. I have been trying to set up TOTP on my MacBook using the method suggested by Willem and Daisuke. I thought that I had set it up (using accounts.ecmwf.int with my email address) but it didn't work (HID still works). I have tried to delete the verification code and set it up again but seem to be going round in circles - does anyone have any suggestions? (If relevant I am typing my password in rather than using my fingerprint.)