What are One-time Passcodes and Authenticator Apps?


One-time passcodes (OTP) are another method of MFA using a cell phone. Using a special app, called an authenticator app, you can use your cell phone to provide a randomly generated, time-based passcode as a secondary factor of authentication. These passcodes expire quickly, typically every 30 seconds, and are constantly regenerated. The only way to access these codes is to use an app located on your phone, effectively making your cell phone a secondary factor.


This is a helpful option to access your account when you forget your badge at home, or use a device without a badge reader such as a laptop or remote connection. 



How do I set up OTP?


This guide uses the DigitalPersona authenticator app, which can be found in the Google Play Store and the Apple App Store. However, any standard authenticator app can be used, such as Google Authenticator or Microsoft Authenticator.


Enrolling in OTP


Step 1.) First, on your computer, open the HID DigitalPersona AD Console application. 



Step 2.) When the DigitalPersona Console opens, select Credential Manager.


Step 3.) In the Credential Manager, select One-Time Password.


Step 4.) If prompted, authenticate using your password or ID badge. 


Step 5.) Next, you will see the One-time Password setup screen.


Step 6.) Now you must set up the authenticator app on your phone. If using the DigitalPersona app, you must open the app and set a PIN. This protects the authenticator app in case the phone is lost or stolen.


Once the app is open, select the + button in the top right on the Accounts tab. 


 


Step 7.) This should open up the camera, where you can scan the QR code found on the computer. Once scanned, you will see a window describing the user account.


Step 8.) Leave all information as default, and select Save, in the top right corner. You will be redirected back to the accounts screen, where you can see your account. 


Step 9.) The 6-digit code found on the screen will refresh every 30 seconds. Enter the 6-digit code on the computer in the DigitalPersona Console window, and press Save.


Step 10.) You will be brought back to the Credential Manager, where you should notice the One-Time Password now says Change.


Your One-Time Password device is now enrolled! 


Using OTP to sign into Windows


Now, when logging into the computer, you can use the One-time Password sign-in option. 


Step 1.) At the login screen, select Sign-in options.


Step 2.) Select the icon for One-time Password.


Step 3.) Enter the 6-digit code found in your authenticator app.


And that's it! You are now authenticated using a One-time Password! 


If you have any issues, please submit a ticket or contact the IT department.