Here you will find instructions on how to activate a software token on a computer or laptop. This requires an Autheticator application (app) on your computer/laptop. We recommend that you first familiarize yourself with the information at 2fa.tugraz.at.
To activate a token for the first time, you need a registration code (a 6-digit number). Note: The registration code can only be used once. Students, staff members, and alumni can find the registration code in TUGRAZonline, in the application "Account Status". "Connect users" (accounts for external users) will receive the registration code via email.
If you have already activated a token and you want to activate another token, use your current OTP as the registration code.
1. Please install an authenticator app, such as the 2fast - Two Factor Authenticator app from the Microsoft App Store, and then launch it.
2. A tutorial will be displayed during the initial startup process. You can read through the tutorial or click "Skip".
3. It is necessary to save a data file locally on your PC. Select "Create new data file (first start)". Choose "Select local path" and specify where you want to save the file. Next, you need to choose a file name; this can be anything, for example, "2fast-file". You also need to choose a password. This password will be required every time you open the app and is separate from the OTP (One-Time Password). After that, click "Create file".
4. Open the website otp.tugraz.at in your browser. Log in using your TU Graz username and your registration code (6-digit number).
7. Go back to the 2fast app. Click on "Add account" in the top left corner to link a token to your TUGRAZonline account.
8. Select "Scan QR code". Then follow the instructions in the app. Select the window where the QR code is displayed (your browser). The app will then automatically detect the QR code. After that, click on "Create account".
The code displayed in the app is your OTP. By clicking on the OTP in the app, it will be copied to your clipboard, saving you the trouble of having to type it in manually.
1. Please install an authenticator app, such as the Step Two app from the Mac App Store, and then launch it. Please install an authenticator app, such as the Step Two app from the Mac App Store, and then launch it.
2. Open the website otp.tugraz.at in your browser. Log in using your TU Graz username and your registration code (6-digit number).
5. Go back to the Step Two app. Click on the "+" icon and select "Scan two-step QR code".
6. You must allow the application to access your screen.
7. Move the scan window of the Step Two application over the QR code in the browser.
Step Two is also available in the App Store for iOS and iPadOS, and it can be synchronized with all your devices via iCloud, so you will have a copy of the token on each of your Apple devices.
Here are some example variations explained; depending on the distribution and version, this may differ slightly.
On Debian/Ubuntu/… systems, there is a tool called OTPClient, which can be installed using:
apt install otpclient
The following steps are identical to the steps for Windows (see above).
If you prefer to work from the Command Line Interface (CLI), the following method will work. However, it is absolutely essential that the secret is stored securely (e.g., in a password manager):
1. Install the oathtool using the following command:
apt install oathtool
2. Open the website otp.tugraz.at. Log in with your TU Graz username and registration code.
3. Click on "Generate Token". Optionally, you can add a description to your token. Click "Generate Token" again. You will now see a QR code.
4. Copy the URL shown here:
otpauth://totp/TOTP01280DE7%20USERNAME%40privacyIDEA?secret=xxx…xxx&algorithm=sha256&period=60&digits=6&iss uer=ZID%20TU%20Graz
5. Use the secret value (xxx…xxx) to generate the code:
oathtool -b --totp=sha256 "xxx…xxx" -s 60
It's best to store this entire command in your password manager.
1. If you already use the password manager pass, you can also install the OTP extension (Debian/Ubuntu):
apt install pass-extension-otp
2. The otpauth URL (mentioned in Option 2) can then be entered (twice):
pass otp insert Enter otpauth:// URI for this token:
This will create a subfolder in the password manager with the name of the issuer, and an entry within that folder containing the token's serial number and the username, e.g.:
ZID TU Graz TOTP00268D1C testerl@privacyIDEA
3. The OTP can then be generated as follows:
pass otp code "ZID TU Graz/TOTP00268D1C testerl@privacyIDEA"
4. It is advisable to create an alias for this, e.g.:
alias tug-otp='pass otp code "ZID TU Graz/TOTP00268D1C testerl@privacyIDEA"'
This way, you only need to remember one command.
Quick help:
Phone: +43 316 873 7000
Email: it-support@tugraz.at
Monday – Thursday 08:00 – 16:00
Friday 08:00 – 15:00
! Closed Wednesday 11:00 – 12:00
Personal IT support:
ZID Servicepoint
Stremayrgasse 16/GF
Room number: BMTEG050
Monday – Thursday 08:00 – 16:00
Friday 08:00 – 15:00
! Closed Wednesday 11:00 – 12:00