Warning |
---|
Show If | ||
---|---|---|
| ||
The documentation is currently only accessible to User Services, Oliver, Cesar and selected "early adopters" from the Member States. It is not yet complete or ready for wider publication. |
ECMWF plans to retire the ActivIdentity (HID) Security Tokens that have been used to provide a two-factor (strong) authentication access to ECMWF systems since 2007, and replace these with a TOTP (Time-based One-Time Password) Client application.
This page describes how to activate TOTP for your ECMWF User and documents the current status of services that have been configured to use TOTP
The page was last updated on 26 Jul .
Table of Content Zone | |
---|---|
|
...
Info |
---|
All Bologna systems will accept both ActivIdentity and TOTP Clients as a second factor, in parallel, for seven months from July 2022 to 31st January until 31st March 2023, at which point the ActivIdentity HID systems will be switched off. |
...
- You can have as many TOTP devices configured as you like. Either you have several different authenticator apps installed on your mobile phone, or you can use several different mobile phones.
- Command line tools such as oathtool provide a command line TOTP app that can be used from a workstation or laptop
- You can delete your own configured TOTP. If you all your configured TOTP devices, then the behaviour reverts back to the current one (i.e. use of ActivIdentity HID security token)
- If you cannot login at all because of TOTP, open a Software and computing ticket in the ECMWF Support Portal to request deletion of the wrong TOTP profile .
Tip | ||
---|---|---|
| ||
Users should ensure access to the TOTP client is protected if their device were to be lost, stolen, shared or otherwise compromised. On a mobile device this can be achieved, for example, with a PIN, Password or Fingerprint lock on the device. Many TOTP client applications also support additional authentication to the application itself (this can provide additional protection, especially if the device is shared). Ensure you keep the device up to date and we strongly recommend not rooting or jailbreaking your device because this weakens the protections built into it. |
Using TOTP for access to ECMWF services
...
If purchasing a hardware TOTP Client, ECMWF naturally recommends one with a PIN code for protection.
Does ECMWF gather any information from my smartphone when I use it for TOTP ?
ECMWF only stores the seed key and a device “friendly name” provided by the user. No information is gathered from the smartphone.