Many websites require just a username and password to login. For some applications, this may be ok. However, it may be possible for someone with malicious intent to guess your password, or for the website user to share the credentials with a colleague. To prevent either of these, we add an additional factor of authentication. Authentication “factors” generally fall the following three categories:
Something the user has - A physical object which the user has access to, and can prove they have access to during login.
Something the user knows - Something they remember, but should keep a secret, such as your password.
Something the user is - Such as your finger print or retina.
We rely on the first two authentication factors to ensure safe access to our TRE. During the login, you will be prompted for a username and password. Your password should not be shared with any one else, and is therefore something you know. As our second factor, we ensure that you have access to something capable of generating authentication codes, such as your phone. We use TOTP (Time-based One Time Password) which can be generated using your phone, with an app such as Google or Microsoft Authenticator.
When you first login to the TRE, you will be asked to configure a OTP (One Time Password). For this, you should install one of the aforementioned apps to your smart phone. We include a few links to these in case you don’t already have one installed.
The login screen will show you a QR code, which can be scanned using your phone’s camera, once you open the authenticator app. The QR code includes information such as the website name, along with a pre-shared key, which is used to generate future codes.
The next time you login to the TRE, you will be asked to enter a OTP (One Time Password) from the authenticator app. These are six numerical digits long.
If you do not have a smartphone capable of running one an authenticator app, please send an email to HICSupport@dundee.ac.uk and we will try to find an alternative (but secure) solution for you.