/
Multi Factor Authentication with Time-based One-Time Password (TOTP)

Multi Factor Authentication with Time-based One-Time Password (TOTP)

Owned by JM Lopez
Last updated: Aug 30, 2024
2 min read

Two-factor authentication is an additional layer of security designed to prevent unauthorized access to your account and protect access to the Virtual Machines and other data you store with the ITS Private Cloud.

The VSS Command Line interface offers the following commands to manage MFA settings in your account:

vss-cli account --no-load set mfa --help Usage: vss-cli account set mfa [OPTIONS] COMMAND [ARGS]... Set account MFA settings. Options: --help Show this message and exit. Commands: get-token Request TOTP token. mk Enable MFA with Time-based One-Time Password. rm Disable existing MFA setup. verify Verify existing MFA setup.

Enable

MFA is enabled by adding the mk sub-command and providing the method to generate or get the TOTP codes. Currently, the ITS Private Cloud supports EMAIL, AUTHENTICATOR or SMS.

vss-cli account --no-load set mfa mk --help Usage: vss-cli account set mfa mk [OPTIONS] {EMAIL|AUTHENTICATOR|SMS} Enable MFA with Time-based One-Time Password. Options: --phone TEXT phone number to receive SMS --help Show this message and exit.

For instance, enabling MFA on a given account using AUTHENTICATOR would look like the following command:

vss-cli account --no-load set mfa mk AUTHENTICATOR Endpoint [https://cloud-api.eis.utoronto.ca]: Username: jm Password: Repeat for confirmation: Do you have a phone to scan a QR Code to generate TOTP codes? [y/N]: y Please, scan the QR code with any authenticator App (DUO, Google Authenticator, Authy, etc) or password manager. [ QR Code ] Do you like to display the security key? [y/N]: y Use the following key if you are unable to scan the QR Code: [ TOTP KEY ] Recovery codes are used to access your account in the event you cannot get two-factor authentication codes. [ recover_code 1 ] [ recover_code 2 ] [ recover_code 3 ] [ recover_code 4 ] [ recover_code 5 ] [ recover_code 6 ] [ recover_code 7 ] [ recover_code 8 ] Would you like to save the codes into a text file? [y/N]: y Written <username>_<issuer>_recovery_codes.txt with recovery codes. Enter the 6-digit Code to verify enrolment was successful: XXXXXX

Disable

Disabling MFA can be done by using the rm command. When executed, an email will be sent to the account’s email address where a link valid for 15min which would have to be accessed for confirmation along with your credentials.

Related content

How-to Manage Multi-Factor Authentication (MFA) via the ITS Private Cloud Portal
How-to Manage Multi-Factor Authentication (MFA) via the ITS Private Cloud Portal
Virtualization, Servers and Storage
More like this
Multi Factor Authentication with Time-based One-Time Password (TOTP) with the vss-cli
Multi Factor Authentication with Time-based One-Time Password (TOTP) with the vss-cli
Virtualization, Servers and Storage
More like this
VSS Command Line Interface (vss-cli) v2021.11.0💀
VSS Command Line Interface (vss-cli) v2021.11.0💀
Virtualization, Servers and Storage
More like this
How-to change multi-factor authentication TOTP generation method
How-to change multi-factor authentication TOTP generation method
Virtualization, Servers and Storage
More like this
How-to enable Multi-Factor Authentication (MFA) on the ITS Private Cloud VPN (VSS VPN)
How-to enable Multi-Factor Authentication (MFA) on the ITS Private Cloud VPN (VSS VPN)
Virtualization, Servers and Storage
More like this
Multi-Factor Authentication for the ITS Private Cloud VPN (VSS VPN)
Multi-Factor Authentication for the ITS Private Cloud VPN (VSS VPN)
Virtualization, Servers and Storage
More like this

University of Toronto - Since 1827