Two-Factor Authentication to CREODIAS site using KeePassXC on desktop
Two Factor Authentication will be required starting on the 26th of June 2023 for all CREODIAS users.
Please see article Two-Factor Authentication to CREODIAS site using mobile application if you want to use a smartphone app for the TOTP two-factor authentication.
If you, however, want to use your desktop or laptop computer instead, KeePassXC is probably a good choice for you. It is a free and open source graphical password manager. It stores passwords, TOTP keys and other secrets in a file on your computer. You can later, for example, move that file manually to a different computer to use that device instead of the current one.
Contrary to software such as BitWarden, 1Password or LastPass, KeePassXC does not have any cloud sync features.
Since KeePassXC does not provide any cloud storage, you need to make sure that you do not lose your file and whatever is required to decrypt it. You will lose all the content of the file if you lose any of these objects. The backup of this file should be performed.
This article covers configuring KeePassXC in two circumstances:
during account creation and
if TOTP is already configured using another method.
If you already have KeePassXC installed and configured, skip to Step 3 Adding Entry or 4 Configuring the TOTP.
The following instructions are for Ubuntu. If you use a different operating system, please refer to the appropriate documentation.
Step 1 Install KeePassXC
Install KeePassXC before logging in to the CREODIAS website. Open the terminal, type the following command and press Enter:
sudo apt update && sudo apt upgrade -y && sudo apt install -y keepassxc
Step 2 Configure KeePassXC
Launch KeePassXC. During its first run, you will see the following window:
Click the button Create new database it in order to create a file in which you can store your passwords, TOTP keys and other secrets. Now you will see the following window:
In the first step of database creation you may provide its name and discription. The name provided here will not be the name of your file, so you may leave it as it is. Click Continue. The following window will appear:
Next, you may choose how long should the decryption of your database take. However, please keep in mind that, as it is written in that window, Higher values offer more protection, but opening the database will take longer. Leave the default database format and click Continue. You will now see the following window:
Now you need to provide the password for decrypting your database. Enter it again in the second text field. You can also add additional security measures using the button Add additional protection…, but if you are just getting started in might not be needed.
If at any point in the future you are unable to provide your password (for example, because you have forgotten it) and any additional protection measures you configured, you will be locked out of your database and potentially lose all of its content.
Choose the name for the file containing your secrets and its location. Click Save.
Step 3 Add the entry for your account
Your database should now be operational. Let’s create the entry containing your username, password and TOTP for the CREODIAS cloud. Click Add a new entry (the fourth button on the toolbar, marked with the red rectangle on the screenshot below.
The following window will appear:
In the Title field enter the name under which your entry should be identified in your database, for example CREODIAS. Then, type your username and password.
Click OK to save the entry.
If the option Automatically save after every change in the General section of the application settings is enabled, you do not have to save. If not, press CTRL+S to save the database.
Step 4 Configure TOTP
Now we need to obtain your TOTP key.
Method 1: During account creation
After having created an account on https://horizon.cloudferro.com but before first login, you will receive the Mobile Authenticator Setup prompt, as in the following image:
Since you are using a computer which cannot act as a mobile device, click Unable to scan?. The QR code will now be replaced with your key:
Copy the code with which the QR code has just been replaced.
Once you have your TOTP key,
return to KeePassXC,
right-click the entry for your account and
choose the TOTP… -> Setup TOTP… option.
You will see the following window:
Paste your key there into the text field Key: and keep the checkbox Default RFC 6238 token settings checked. Click OK.
In order to view your code, right-click the entry and select TOTP… > Show TOTP…. It is easier, however, to simply
left-click that entry and
You can also press CTRL+T while your entry is highlighted to copy your TOTP code to your clipboard (remember that depending on settings it will disappear from your clipboard, so make sure that you paste it in time).
The window with the code will look like this:
Type your 6-digit code from the above window to the text field One-time-code on the CREODIAS website and choose how you would like to call your device containing the TOTP key. Please make sure that you do it before that key expires. If the key expires, you will get another one and you should type it instead. Click Submit. You should now be able to proceed with your login process.
Method 2: After another method of TOTP has already been configured
If the method of TOTP authentication you are currently using allows you to extract the secret key(or you have it backed up somewhere), you should be able to use that same secret key which you are currently using for KeePassXC as well.
If you are able to access your Creodias account, but are unable to extract your secret key, check the article How to manage TOTP authentication on CREODIAS - you will learn here how to reset your TOTP authentication yourself. During configuration, you should be able to add your secret key to all pieces of software which you wish to use for authentication, including KeePassXC.
If no other options remain, contact CREODIAS customer support for assistance.
Either way, eventually you should get your secret key. Enter it in KeePassXC the same way as explained in Method 1 above - to the Key: text field. If that secret key is already added and configured for your account, no further action should be necessary. If not and you are in the process of configuring it, paste the 6-digit TOTP code from KeePassXC in the same way as you entered the code from your other device during account setup.
Step 5 Login using TOTP
Each time you login, type your credentials normally. After that you will see the following text field:
Generate your TOTP code as explained before (left-click the appropriate entry in KeePassXC and press CTRL+Shift+T) and type that code in the text field One-time code in your browser. If you want to simply copy your code to your clipboard, press CTRL+T while your entry is highlighted (remember that depending on settings it will disappear from your clipboard, so make sure that you paste it in time). Each code lasts only 30 seconds, so if you only have a few seconds remaining on your current code, you might want to wait until the new one is generated. Now you should be signed in.
You can find additional information about using KeePassXC in its official documentation.
What To Do Next
KeePassXC will enable you to login into Horizon from the desktop computer. You then need to run openstack command and authenticate to the cloud. Please see article How to activate OpenStack CLI access to CREODIAS cloud using one- or two-factor authentication.