What is OTP?
An OTP (One-Time Password) is a password that is generated for authorization and authentication purposes (e.g. two-factor authentication). It serves as an additional security factor to your university password and increases the protection against phishing or hacking attacks.
Each OTP is only valid for use within a short period of time and is automatically regenerated afterwards. To generate such one-time passwords you need an OTP generator, which you can install as an app on your smartphone or PC.
Why are we switching to OTP?
You have almost certainly heard about the increasing number of cyber attacks on universities in recent months. Last summer, the FH in Münster, among others, was affected. In order to best protect the University Münster from similar attacks and the associated protracted disadvantages for teaching and research, the University Münster is introducing additional security-related measures. The introduction of 2-factor authentication with OTP for services that can be used to access internal services and data from outside the University Münster (e.g. VPN and VDI) is one such security measure.
In the coming months, additional services will be secured using 2-factor authentication with OTP. With the one-time setup and registration of the OTP app in the IT portal, you are very well prepared for the changes.
Where can I find instructions for OTP?
The University Münster recommends different OTP generators depending on the operating system.
If you are already using an OTP service, you can continue to use it. The one-time password generators must be registered in the IT portal before use.
Under the following link you will find the app recommendations of the University Münster, as well as the installation and application instructions for 2-factor authentication with OTP:
Why can I use my private mobile device to generate an OTP?
Please use a mobile device in the first instance if possible, this is much more practical to set up.
Also, the OTP generator app that you install on your mobile device does not access any data flow on the mobile device or your phone number.By setting it up, the app synchronizes with the IT portal via a timestamp. Your mobile device contains a clock and can assign such a timestamp. This is the only synchronization that takes place. The devices do not otherwise make contact with each other. Moreover, the app does not require a phone number or anything similar for this process. So there is no danger in using your private end device at this point.
Instead of a smartphone, you can also use another mobile device or a PC for generating OTPs, e.g. a tablet or another computer. Follow our instructions for this.
Step-by-Step: Example OTP Setup with a Smartphone or PC
Step 1: You need two devices for the OTP procedure. You usually use the first device to work with and want to log in to a service that requires an OTP (e.g., your service laptop on which VPN is to be used). With the second device you generate the so-called OTPs with the help of an app. In this example, the first device is a stationary computer and the second device is a smartphone. You can also use another computer as a second device. The first and second devices do not exchange data, apart from the timestamp of the OTP.Step 2: Install the OTP generator as an app on the smartphone or on another device. To do this, select the app that matches the device's operating system. On our website you will find instructions and app recommendations from CIT for the different operating systems: Instructions.
Step 3: Register the installed OTP app in the IT portal. To do this, log into the IT portal via the stationary computer and follow the steps in the instructions from CIT.
Step 4: If you now want to log in to a service that requires an OTP using the stationary computer or another end device, you must always have the OTP generator app open at the same time and take the generated OTP from the app. The generation of such OTPs takes place automatically. The app creates a new OTP every 30 seconds. This ensures that it is temporary and can only be used once (one-time password).
What can I do to take precautions against losing my OTP generator?
To be able to continue logging in to your services in the case that you lose your device with the OTP app installed (e. g. smartphone), for example, you can take precautions. Register two different OTP generators. The two generators should be accessible on different end devices, e.g., computer and cell phone.
Then select the "Digital ID (certificate), or alternatively one-time password (OTP)" option in the two-factor security settings in the IT portal. This increases security and prevents problems in the event of generator failure/loss.
Additional Note for Owners of a Digital ID
From 28.11.2023, access to the IT portal and the security-relevant settings in the IT portal will be secured via 2-factor authentication using OTP. If you have a digital ID (certificate) and log in to the IT portal using the digital ID instead of your university ID, password, and OTP, the IT portal will not ask for a one-time password for most actions. Nevertheless, please register an OTP generator so that you can use the IT portal even if you do not have your digital ID at hand or it has expired.
Who can help me with further questions about OTP?
If you have further questions, your IVVs are available for employees of the departments. Under the following link you can see which IVV is responsible for you:
For questions from employees of the central administration, the IVV9, or the Service Desk is responsible: 0251 83-30303.
For students, the IT hotline (Mon–Fri 08.00–17.00: 0251 83-31600) or the service desk at Einsteinstraße 60 (Mon–Fri 08.00–12.00 and 13.00–16.00) is available.
