typos

c3e4a1d7 · Jens Henrik Goebbert · 51edb1c2 · c3e4a1d7
Commit c3e4a1d7 authored Oct 4, 2020 by Jens Henrik Goebbert
--- a/001-Jupyter/Activate_JupyterJSC_2-factor-authentication.ipynb
+++ b/001-Jupyter/Activate_JupyterJSC_2-factor-authentication.ipynb
@@ -34,8 +34,8 @@
    "This does not, however, lead directly to the desired entrance - but to a further barrier.\n",
    "\n",
    "The **second login step** prevents unauthorized third parties from gaining access to your account just because they might have stolen your password.\n",
-    "A quite common 2nd-factor is a **One-Time Password (OTP)** generated by a so-called **OPT-App** you installs and initializes once on one of your personal devices.\n",
+    "A quite common 2nd-factor is a **One-Time Password (OTP)** generated by a so-called **OTP-App** you install and initialize once on one of your personal devices.\n",
-    "This *OPT-app* then provides (in our case every 30 seconds) a new *one-time password* that needs to be entered on the login page.\n",
+    "This *OTP-app* then provides (in our case every 30 seconds) a new *one-time password* that needs to be entered on the login page.\n",
    "   \n",
    "<div style=\"clear:both\"></div>"
   ]

 %% Cell type:markdown id: tags:
 ![jsc-logo.jpg](attachment:67258d94-84e6-4a0c-ae8f-c74332ec082e.jpg)
 ------------------------------------
 %% Cell type:markdown id: tags:
 # 2-Factor Authentication (2FA)
 <div>
   <img src=https://jupyter-jsc.fz-juelich.de/hub/static/images/2fa/jupyter-jsc_2fa_img01.png title="2-factor-authentication" width="320" style="float:left"/>
   <!-- <img src=images/jupyter-jsc_2fa_img01.png title="2-factor-authentication" width="320" style="float:left"/> -->
 </div>
 ## Introduction
 2-Factor Authentication (2FA), sometimes referred to as two-factor verification, is a security method in which you provide **two different authentication factors** to identify yourself at login.
 This process is **performed to better protect** both your credentials and the resources that you can access.
 In the **first login step**, you start with the usual entry of a good password. The service then confirms the correctness of the password entered.
 This does not, however, lead directly to the desired entrance - but to a further barrier.
 The **second login step** prevents unauthorized third parties from gaining access to your account just because they might have stolen your password.
-A quite common 2nd-factor is a **One-Time Password (OTP)** generated by a so-called **OPT-App** you installs and initializes once on one of your personal devices.
+A quite common 2nd-factor is a **One-Time Password (OTP)** generated by a so-called **OTP-App** you install and initialize once on one of your personal devices.
-This *OPT-app* then provides (in our case every 30 seconds) a new *one-time password* that needs to be entered on the login page.
+This *OTP-app* then provides (in our case every 30 seconds) a new *one-time password* that needs to be entered on the login page.
 <div style="clear:both"></div>
 %% Cell type:markdown id: tags:
 <div>
  <video controls src="https://multimedia.gsb.bund.de/BSI/Video/2-Faktor-Authentisierung_SD.conv.mp4" width=480 style="float:right"/>
 </div>
 ## Basic Principle
 These two factors for authentication combine the building blocks **knowledge** and **possession** in the login procedure.
 - **knowledge** - the secret knowledge is the password you enter.
 - **possession** - With the *one-time password* you show that you are in possession of a certain device (e.g. your smartphone), because only the *OTP-App*, installed on that device, can generate it.
 <div style="clear:both"></div>
 <div>
    <p style="float:right">Source: Bundesamt für Sicherheit in der Informationstechnik</p>
 </div>
 %% Cell type:markdown id: tags:
 <div>
   <img src=https://jupyter-jsc.fz-juelich.de/hub/static/images/2fa/jupyter-jsc_2fa_img02.png title="2-factor-authentication" width="320" style="float:left"/>
   <!-- <img src=images/jupyter-jsc_2fa_img02.png title="2-factor-authentication" width="320" style="float:left"/> -->
 </div>
 ## Algorithm
 The **OTP-App** can calculate personal one-time passwords completely autonomously from the outside world using a standardized and open algorithm for the generation of **Time-based One-Time Passwords (TOTP)**.
 The *TOTP algorithm* was published in 2011 by the [Internet Engineering Task Force (IETF)](https://www.ietf.com) as [RFC 6238](https://tools.ietf.org/html/rfc6238). The *TOTP algorithm* is a hash function in which a secret code is hashed together with the current time.
 Behind the hash function is the HMAC-based One-time Password Algorithm according to [RFC 4226](https://tools.ietf.org/html/rfc4226) - in simple terms nothing more than a standard that forms a hash in a certain way.
 The calculation includes both a **"secret initialization code"**, that is known to both the server and the client, and the **current time**.
 The final *one-time password* is generated from these two inputs and is valid for a certain period of time. (in our case for **30 seconds**).
 The procedure can be implemented in such a way that slight differences in time between client and server are accepted.
 Hence, any *one-time password* is time-based, calculated locally, and always unique.
 <div style="clear:both"></div>
 ------------------
 %% Cell type:markdown id: tags:
 # How to get started with 2FA
 <div>
   <img src=https://jupyter-jsc.fz-juelich.de/hub/static/images/2fa/jupyter-jsc_2fa_img03.png title="2-factor-authentication" width="320" style="float:right"/>
   <!-- <img src=images/jupyter-jsc_2fa_img03.png title="2-factor-authentication" width="320" style="float:right"/> -->
 </div>
 ## Preparation
 To get ready to use 2-Factor Authentication (2FA) for Jupyter-JSC you have to **prepare** it ONCE:
 - (1) **request 2FA** for Jupyter-JSC,
  - (a) login to [Jupyter-JSC](https://jupyter-jsc.fz-juelich.de)
  - (b) visit https://jupyter-jsc.fz-juelich.de/2fa and request 2FA
  - (c) wait for a *confirmation emails* and click the provided *activation link*
 - (2) **activate 2FA** for Juypter-JSC,
  - (a) install an **OTP-App**, which supports the TOTP algorithm
  - (b) communicate the **secret initialization code** to this *OTP-App*
  - (c) test a first **one-time password** generated.
 ... and then 2FA is ready to be used next time you log in.
 ### 1. Request 2FA
 Please login to Jupyter-JSC as usual through https://jupyter-jsc.fz-juelich.de
 and visit the webpage **https://jupyter-jsc.fz-juelich.de/2fa**  for requesting 2FA.
 Please read the notes on this webpage carefully and click the button **Request 2FA** to start.
 A **confirmation email** including an **activation link** will be send to you directly.
 ### 2. Activate 2FA
 Please follow this *activation link* to instruct Jupyter-JSC for preparation of your 2FA.
 You will be asked to re-login to your account to recieve a **secret initialization code** as QR-Code (and string)
 for a required *OTP-App*.
 So first, you need to install an **OTP-App** on one of your personal devices (if you haven´t done so already),
 which you plan to use in the future to generate the required **one-time passwords** for each time you log in:
 <div style="clear:both"></div>
 %% Cell type:markdown id: tags:
 <div>
   <img src=https://jupyter-jsc.fz-juelich.de/hub/static/images/2fa/jupyter-jsc_2fa_img04.png title="2-factor-authentication" width="320" style="float:left"/>
   <!-- <img src=images/jupyter-jsc_2fa_img04.png title="2-factor-authentication" width="320" style="float:left"/> -->
 </div>
 <div>
   <!-- <img src=https://jupyter-jsc.fz-juelich.de/hub/static/images/2fa/jupyter-jsc_2fa_img04-1.png title="2-factor-authentication" width="320" style="float:right"/>-->
   <img src=https://raw.githubusercontent.com/FZJ-JSC/jupyter-jsc-notebooks/master/001-Jupyter/images/jupyter-jsc_2fa_img04-1.png title="2-factor-authentication" width="120" style="float:right"/>
 </div>
 ### a. OTP-App Installation
 There are a large number of different *OTP-Apps* available that implemented the *TOTP algorithm*.
 You have to install **one of them** - for example, take one of the following:
 Recommended, free & open-source:
  - [**FreeOTP**](https://freeotp.github.io) ([iOS](https://apps.apple.com/de/app/freeotp-authenticator/id872559395), [Android](https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=de))
  - [**KeeWeb**](https://keeweb.info) ([Windows](https://keeweb.info), [macOS](https://keeweb.info), [Linux](https://keeweb.info), [online](https://keeweb.info))
 Free, but closed source:
  - [**Authy**](https://authy.com/download/) ([iOS](https://apps.apple.com/de/app/authy/id494168017), [Android](https://play.google.com/store/apps/details?id=com.authy.authy), [Windows](https://authy.com/download/), [macOS](https://authy.com/download/), [Linux](https://snapcraft.io/authy))
  - [**Protectimus Smart OTP**](https://www.protectimus.com/protectimus-smart) ([iOS](https://apps.apple.com/ie/app/protectimus-smart/id854508919), [Android](https://play.google.com/store/apps/details?id=com.protectimus.android))
  - [**Google Authenticator**](https://de.wikipedia.org/wiki/Google_Authenticator) ([iOS](https://apps.apple.com/de/app/google-authenticator/id388497605), [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) )
  - [**Microsoft Authenticator**](https://www.microsoft.com/en-us/account/authenticator) ([iOS](https://apps.apple.com/de/app/microsoft-authenticator/id983156458), [Android](https://play.google.com/store/apps/details?id=com.azure.authenticator), [Windows 10 Mobile](https://www.microsoft.com/en-us/p/microsoft-authenticator/9nblgggzmcj6))
 The *TOTP algorithm* can also be implemented in hardware as a so-called "hardware token" (e.g. [Protectimus Tokens](https://www.protectimus.com/tokens/), [Microcosm Tokens](https://www.microcosm.com/products/oath-otp-authentication-tokens))
 <div style="clear:both"></div>
 %% Cell type:markdown id: tags:
 <div>
   <img src=https://jupyter-jsc.fz-juelich.de/hub/static/images/2fa/jupyter-jsc_2fa_img05.png title="2-factor-authentication" width="320" style="float:left"/>
   <!-- <img src=images/jupyter-jsc_2fa_img05.png title="2-factor-authentication" width="320" style="float:left"/> -->
 </div>
 ### b. OTP-App Initialization & Validation
 Before you can use 2FA for Jupyter-JSC a random, user-specific, unique and **secret initialization code** must be known by both Jupyter-JSC and the your *OTP-App*.
 This *secret initialization code* gets generated by Jupyter-JSC and is shown as a **QR-Code** (or string) on the activation page.
 The QR-Code provides the *secret initialization code*  with the descriptive data (1) algorithm = TOTP, (2) period of validity = 30s.
 **If you prefer to use the string** instead of the QR-Code, please ensure you set these descriptive dates manually in your *OTP-App*.
 Next, the *OTP-App* provides now a **verification code** you have to enter on the activation webpage.
 Jupyter-JSC compares the *verification code* you provide with the one generated by Jupyter-JSC.
 If they match, **2FA is now activated**.
 <div style="clear:both"></div>
 ----------------------
 %% Cell type:markdown id: tags:
 <div>
   <img src=https://jupyter-jsc.fz-juelich.de/hub/static/images/2fa/jupyter-jsc_2fa_img06.png title="2-factor-authentication" width="320" style="float:right"/>
   <!-- <img src=images/jupyter-jsc_2fa_img06.png title="2-factor-authentication" width="320" style="float:right"/> -->
 </div>
 ### 2FA-Login at Jupyter-JSC
 Congratulation! You are now ready to use 2-Factor Authentication with Jupyter-JSC.
 Login is now as simple as this
 1. **Enter your JSC-account password**
    Each time you log in, you enter your JSC-account password as usual.
 2. **Enter the current one-time password**
    You will then be asked for a *one-time password* that you can read from your installed & initialized *OTP-App* (e.g. on your smartphone).
 **Remember me**
 Jupyter-JSC can set a cookie to remember, that you have logged in from this device already.
 Just check the "Remember me" **checkbox** where you enter *one-time password* .
 Jupyter-JSC **skips the request** of a *one-time password* in this browser on that device then for **one week**.