FAQ: Two-factor authentication

Setting up 2FA for personal accounts

Why is the account management webpage no longer displaying (white screen)?

Webbrowser - weißer Bildschirm

The account management webpage is not displaying:

  • This happens relatively often because, for security reasons, you are locked out for 30 minutes after entering the wrong login or two-factor authentication details five times.
  • It is extremely rare for this to be caused by a complete system failure.

Why do I always get the error message “Internal Error!” when I try to confirm the TOTP code?

The error message ‘Internal Error!’ appears once you have had 5 failed attempts. For security reasons, the system will then block your access for 30 minutes.

Why do I always get the error message ‘Invalid TOTP format’ when I try to confirm the TOTP code?

You will receive the error message “Invalid TOTP format” if the entry in the “TOTP code” field does not consist solely of 6 digits. The code should be formatted as follows: “123456”.

The error message “Invalid TOTP code” can have exactly four causes:

1. The system time on your device, on which you are using the authenticator app (FreeOTP / KeePassXC), is set incorrectly.
Check the system time on the device you are using to navigate to the computer centre's page (Where am I?) via a web browser.

2. The TOTP code has expired.
A TOTP code is not always valid for 30 seconds. The validity period depends on your current system time. When you generate a TOTP code, it may be valid for 25, 14 or even just 5 seconds, for example. Always display the TOTP code before using it, so that you can see it and observe how its validity period continues to decrease. If the time is too short, it is better to wait a moment and use the next generated code.

3. The TOTP secret, which is included in both the QR code (Option A) and during manual setup (Option B), does not match the TOTP secret (private key) of your TOTP entry in your authenticator app (FreeOTP / KeePassXC).

If you are using KeePassXC, you can view the TOTP secret (secret key) for your TOTP entry and re-enter it if necessary. To do this, right-click on the entry and, in the context menu that opens, select TOTP / Set up TOTP.

In FreeOTP, you cannot view the TOTP secret again. Delete the entry on your smartphone. On Android: press and hold the entry → tap the trash icon. On iOS (iPhone): swipe the entry away from left to right. You can then scan the QR code again using FreeOTP, view the TOTP code and enter it into the ‘TOTP code’ field in the web browser where you manage your account.

Please note: 
Whenever you log in to Account Management using your username and password and are taken to the page for setting up two-factor authentication, a new TOTP secret is generated in the QR code and in the details. As a result, previously saved TOTP entries containing ‘old’ TOTP secrets (secret keys) may still be present in FreeOTP or KeePassXC and generate invalid codes. It is therefore best to complete the set-up process in a one-time operation.

4. Incorrect parameters were used during manual configuration (Option B).
Please ensure that you use the correct parameters:

Number of characters: 6
Algorithm: SHA1
Interval: 30 seconds

How can I change the system time in Windows 11?

  1. Open Settings: Press the Windows key + I.
  2. Time & Language: Select “Time & Language” on the left, then “Date & Time.”
  3. Set automatically: Make sure that “Set time automatically” is turned on.
  4. Synchronize: Click the “Synchronize now” button under “Synchronize clock.”

I have successfully set up two-factor authentication for account management. How can I set up two-factor authentication for the groupware?

You can only set up two-factor authentication for your account once. Once 2FA has been set up, the TOTP secret (secret key) is linked to your account. If the groupware asks for the two-factor authentication code when you log in, please use a generated TOTP code from your configured authenticator app (FreeOTP / KeePassXC / etc.).

Do I need to set up two-factor authentication if I want to access my personal email account?

Yes, if you want to use the Groupware webmail service.
No, if you use a separate email programme on your computer or smartphone.

2FA for email functional accounts

How can I set up two-factor authentication for email function accounts?

Log in to the central account management system (ums.uni-greifswald.de) using your personal username as the person responsible for the resource.

Navigate to: My Resources -> Resources.
Select your functional account from the list and click the ‘Change 2FA’ action button on the right-hand side.

If you cannot find the functional account in your list of resources, you are not the person responsible for that functional account.