Email
Main Content

🔑 Logging into 2FA Services: How to Use Your Token Correctly

Depending on the service, two-factor authentication (2FA) at the Philipps-Universität Marburg uses two different methods to request the one-time password (OTP) of your token. It is crucial to use the correct input method for the respective service.

⚠️ Important Transition Information: Code Length and Deactivation

As part of the security migration to the SHA-512 algorithm, the length of the one-time password (OTP) has changed for APP tokens and TAN tokens:

Required Tokens

  • APP Token (TOTP): The code from your authentication app (e.g., Uni-App).
  • YubiKey (TOTP/OATH): The code from the hardware token.
  • TAN Token: Will only be usable as a backup token in the future.

Method 1: Combined Input (Password + OTP)

This method is used by services that provide only a single field for authentication.

How It Works

In the password field, you first enter your regular user password, immediately followed by the one-time password (OTP) of your token without any spaces. Typically, these fields or their explanations will display Password + 2FA.

🚨 Critical Note: NO Spaces!

This is the most common source of error. The system interprets everything as a single, long password string.

  • Correct format (8-digit): MyPassword12345678
  • Incorrect format (with space): MyPassword 12345678

Affected Tokens for This Method

All token types can be used here.

  • APP Token (TOTP): 6- or 8-digit code from the authentication app.
  • TAN Token: The code from your TAN list. Attention: We plan to restrict the TAN token exclusively for logging into the 2FA Portal (as a backup token). Please switch to the APP Token.
  • YubiKey: Generally uses the 1st slot, which is triggered by a short press.

Method 2: Separate Input (Weblogin/Shibboleth)

This method is used by the university's central Weblogin (IdP) (e.g., for time tracking, Gitlab, Marvin, Ilias) and provides a separate field for the second factor.

How It Works

The login process takes place in two separate steps, requested sequentially on two different pages:

Page 1: Primary Login

You enter your username and your regular password, then confirm the entry.

Page 2: Secondary Verification (OTP Request)

The system redirects you to a second page and requests the one-time password (OTP). You enter the current code from your token into this separate field.

Affected Tokens for This Method

All token types can be used here.

  • APP Token (TOTP): 6- or 8-digit code from the authentication app.
  • TAN Token: The code from your TAN list. Attention: We plan to restrict the TAN token exclusively for logging into the 2FA Portal (as a backup token). Please switch to the APP Token.
  • YubiKey: This always prompts for the 1st slot. The 1st slot is triggered by a short press.