Using OTP for Multi-Factor Authentication to AWS
- IPWorks Auth
- An Amazon Web Services (AWS) Account
Contents
Obtaining the Secret Key
To begin you must first activate Multi-Factor Authentication (MFA) on your AWS account. This can be done in the "Security Credentials" section of your AWS account. More details about Multi-Factor Authentication and your AWS account can be found in the Amazon Documentation.
When activating MFA select A virtual MFA device. You will be presented with a screen with a QR code, and an alternative option to show the secret key directly. For instance:
To use the OTP component the secret key from above will be required. Either copy the secret key directly, or decode the QR code which contains the secret key. A decoded QR value will follow the standard otpauth://TYPE/LABEL?PARAMETERS format and look like:
otpauth://totp/root-account-mfa-device@120151960619?secret=V2NFI2CRKFCMZJD232ONV5OLVPN5H3ZO2553QHFPXJK4BJN4X3JBYEQ6DJSBXE7H
The secret key is the value of the secret parameter. Once you have the secret key via either means proceed to the next step.
Authentication Code Generation
To complete registration of the MFA virtual device two consecutive codes will need to be provided. The code below uses the OTP component from IPWorks Auth to generate these codes:
OTP totp = new OTP();
totp.Secret = "V2NFI2CRKFCMZJD232ONV5OLVPN5H3ZO2553QHFPXJK4BJN4X3JBYEQ6DJSBXE7H";
totp.CreatePassword();
Console.WriteLine("First Code: " + totp.Password);
//Wait until the code expires
while (totp.ValidityTime > 0)
Application.DoEvents();
//Get the second code
totp.CreatePassword();
Console.WriteLine("Second Code: " + totp.Password);
Enter the codes from the output above to complete the addition of the new virtual MFA device. Any time in the future when a new code is required for authentication simply run the code:
OTP totp = new OTP();
totp.Secret = "V2NFI2CRKFCMZJD232ONV5OLVPN5H3ZO2553QHFPXJK4BJN4X3JBYEQ6DJSBXE7H";
totp.CreatePassword();
Console.WriteLine("Authentication Code: " + totp.Password);
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at kb@nsoftware.com.