Using TOTP for Multi-Factor Authentication to AWS

Requirements:

Contents

  1. Obtaining the Secret Key
  2. Authentication Code Generation

Obtaining the Secret Key

To begin you must first activate Multi-Factor Authentication (MFA) on your AWS account. This can be done in the "Security Credentials" section of your AWS account. More details about Multi-Factor Authentication and your AWS account can be found in the Amazon Documentation.

When activating MFA, select "A virtual MFA device". You will be presented with a screen showing a QR code, along with an alternative option to show the secret key directly. For instance:

[Screenshot: MFA Setup]

To use the TOTP component, the secret key from above will be required. Either copy the secret key directly, or decode the QR code, which contains the secret key. A decoded QR value will follow the standard otpauth://TYPE/LABEL?PARAMETERS format and look like:

otpauth://totp/root-account-mfa-device@120151960619?secret=V2NFI2CRKFCMZJD232ONV5OLVPN5H3ZO2553QHFPXJK4BJN4X3JBYEQ6DJSBXE7H

The secret key is the value of the secret parameter. Once you have the secret key by either means, proceed to the next step.

Authentication Code Generation

To complete registration of the MFA virtual device, two consecutive codes will need to be provided. The code below uses the TOTP component from IP*Works Auth! to generate these codes:

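// Secret key copied from the AWS MFA setup screen (or decoded from the QR code)
Totp totp = new Totp();
totp.Secret = "V2NFI2CRKFCMZJD232ONV5OLVPN5H3ZO2553QHFPXJK4BJN4X3JBYEQ6DJSBXE7H";

// Generate the code for the current time step
totp.CreatePassword();
Console.WriteLine("First Code: " + totp.Password);

// Wait until the first code expires.
// Application.DoEvents() comes from System.Windows.Forms.
while (totp.ValidityTime > 0)
  Application.DoEvents();

// Get the second code, from the next time step
totp.CreatePassword();
Console.WriteLine("Second Code: " + totp.Password);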

Enter the codes from the output above to complete the addition of the new virtual MFA device. Any time in the future when a new code is required for authentication, simply run the code:

// Same secret key that was registered with AWS
Totp totp = new Totp();
totp.Secret = "V2NFI2CRKFCMZJD232ONV5OLVPN5H3ZO2553QHFPXJK4BJN4X3JBYEQ6DJSBXE7H";

// Generate the code for the current time step
totp.CreatePassword();
Console.WriteLine("Authentication Code: " + totp.Password);
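
How a code follows from the secret key can be shown with the Python standard library alone. This sketch is an added example, not code from the article or from the IP*Works Auth! component: it parses an otpauth:// URI and derives the codes for the current and the next time step per RFC 6238 with HMAC-SHA1, assuming 6 digits and a 30-second period when the URI does not state them. The function names and SAMPLE_URI (built from the RFC 6238 test key) are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_URI = "otpauth://totp/example?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def parse_otpauth(uri):
    """Return (key_bytes, digits, period) from an otpauth://totp/ URI."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    params = parse_qs(parts.query)
    if "secret" not in params:
        raise ValueError("URI has no secret parameter")
    if params.get("algorithm", ["SHA1"])[0].upper() != "SHA1":
        raise ValueError("this sketch only handles HMAC-SHA1")
    secret = params["secret"][0].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)  # restore stripped Base32 padding
    key = base64.b32decode(secret)      # raises ValueError on bad characters
    digits = int(params.get("digits", ["6"])[0])
    period = int(params.get("period", ["30"])[0])
    return key, digits, period

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def consecutive_codes(uri, at=None):
    """Codes for the time step containing `at` (Unix seconds) and the next one."""
    key, digits, period = parse_otpauth(uri)
    now = time.time() if at is None else at
    step = int(now) // period           # RFC 6238: T = floor(time / period)
    return hotp(key, step, digits), hotp(key, step + 1, digits)

if __name__ == "__main__":
    first, second = consecutive_codes(SAMPLE_URI)
    print("Current step:", first)
    print("Next step:   ", second)
```

The second value is the code for the following time step, which is why the component example above waits for the first code to expire before generating the second.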

We appreciate your feedback. If you have any questions, comments, or suggestions about this article, please contact our support team at kb@nsoftware.com.