\n
![\"\"](\"http:\/\/blogs-new.it.ox.ac.uk\/nexus\/files\/2022\/06\/mfa1-1-300x162.jpg\")
<\/p>\nOne of the frustrations of modern security\u00a0is the imposition of more onerous user-verification requirements. The benefits of the University introducing Multifactor Authentication (‘MFA’) are well-proven, but it does add a further step that can be inconvenient. In an effort to make life a little bit easier, and following a debate about this area on our IT Discussion mail-list, I share the following advice.<\/p>\n
Using a password manager is an essential step in keeping secure. KeePass is an excellent example of the genre and my personal favourite. The latest version has also added a feature that promises to make life that little bit easier: it can act as your MFA authentication app.<\/p>\n
I’m assuming that you already have a KeePass entry for your SSO logon, with an auto-type entry set. If not, here’s the auto-type syntax that I use:
\n{USERNAME}{TAB}{TAB}{TAB}{TAB}{ENTER}{DELAY 1000}{PASSWORD}{ENTER}<\/p>\n
The steps to allow KeePass to also handle your MFA are as follows:<\/p>\n
1.Visit https:\/\/mysignins.microsoft.com\/security-info and, yes, log yourself in.<\/p>\n
2. Click ‘add sign-in method’:
\n<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
3. Choose ‘Authenticator App’ from the list: <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n 4. Microsoft will recommend their own Authenticator application, but click instead on ‘I want to use a different authenticator app’: <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n 5. You’ll need to have KeePass installed and running shortly, but at this stage you can just click ‘Next’:<\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n 6. You’re presented with a QR code, as most apps are mobile-based and can use a phone camera. Ignore the QR code and click ‘can’t scan image’: <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n 7. The page will create a security key code, with a ‘copy to clipboard’ button next to it. Click on that: <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n 8. Switch to KeyPass, right-click your entry for your University SSO account, select ‘Edit Entry (Quick)’, then ‘OTP Generator settings’. You’ll get a dialogue box. Paste the security code into the ‘shared secret’ field. No other values need to be changed, so then click ‘OK’: <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n 9. When prompted for your MFA authentication code, ask KeyPass to copy that to the clipboard for you: <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n 10.\u00a0 In the ‘Enter Code’ window, just right-click and ‘Paste’: <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n I’m hoping that future revisions of KeePass will make this even easier*, but this is a great step forward and makes a useful app that little bit better still.<\/p>\n EDIT:<\/p>\n The syntax for KeePass to autocomplete your username, password, and MFA code is:<\/p>\n {USERNAME}{TAB}{TAB}{ENTER}{DELAY 2000}{PASSWORD}{ENTER}{DELAY 2000}{TIMEOTP}{ENTER}<\/p>\n <\/p>\n FURTHER EDIT, FOLLOWING A REVISION TO THE LOGON DIALOGUE BOX:<\/p>\n The previous autotype string was no longer working, but this reinstates it: One of the frustrations of modern security\u00a0is the imposition of more onerous user-verification requirements. The benefits of the University introducing Multifactor Authentication (‘MFA’) are well-proven, but it does add a further step that can be inconvenient. In an effort to … Continue reading
\n![\"\"](\"http:\/\/blogs-new.it.ox.ac.uk\/nexus\/files\/2022\/06\/image_2022-06-24_122026413.png\")
<\/a><\/p>\n
\n<\/a><\/p>\n<\/a><\/p>\n
\n<\/a><\/p>\n
\n<\/a><\/p>\n
\n<\/a><\/p>\n
\n<\/a><\/p>\n
\n<\/a><\/p>\n
\n{USERNAME}{TAB}{TAB}{ENTER}{DELAY 2000}{PASSWORD}{TAB}{TAB}{TAB}{ENTER}{DELAY 2000}{TIMEOTP}{ENTER}<\/p>\n","protected":false},"excerpt":{"rendered":"