TOTP (Time-based One-Time Password) is a security standard where a time-based code must be entered as a second factor. These codes are provided by an app that is initially configured for the specific user account. Possible apps for this include Microsoft Authenticator or Google Authenticator.
At the bottom of the pages shown below, there is a language selection option
that the user can use to choose a language, as they are not logged in at this point
and therefore their set language is not available.
The Setup Page
This page appears at the first login after two-factor authentication (via TOTP) has been activated. You can only log in to the STP Cloud if you successfully complete the setup.
Typically, an authentication app is used, which allows you to easily scan the displayed QR code to configure the app. If this is not possible or if software is used that does not support QR codes, you can alternatively set it up manually using the security key displayed below the QR code.
To confirm, the user must enter and confirm a first code from the app in the data field below.
The user will then be redirected to the following page.
Backup Code Page
Along with some instructions, a table with 12 backup codes is displayed here. These can be used as an alternative to the codes from the app to log in. This may be necessary if, for example, the smartphone used is damaged or unavailable for some other reason.
Each of these codes can only be used once. Above the table, there are two buttons. The left one allows you to copy the backup codes to the clipboard to, for example, paste them into a document and store them securely. The right button allows you to print the displayed page.
Secure storage is absolutely necessary, as the backup codes can only be displayed this one time.
By clicking the 'Confirm' button, the user completes the setup and is redirected to the login page again.
Related to