======Two-factor Authentication @ LION====== {{ services:2fa_graphic.jpg?nolink&400|}} Please read this document carefully or start from [[:services:2fa#first_time_access|here]] [[:services:2fa:acronyms|Note on acronyms]] ---- ======Working with 2FA ===== Below we describe in detail how to work with 2FA. It is quite straight forward once you get the hang of it. =====First Time Access===== {{ :lion:smartphones.jpg?200|}}{{ :lion:yubikey.jpg?100|}}Before you can use 2FA we and you need to setup a few things. * **You should own a Smart Phone or own/obtain a YubiKey from the IT department**: Since during the 2FA process you need to generate **passcodes (a six digit number)** automatically based on a secret key, or enable **push authentication** you and the 2FA system have exchanged, you need a device to perform this action. This device can either be an app on a Smart Phone or a YubiKey hardware device. If you don not own a Smart Phine or cannot use that for any reason, contact the Physics IT Helpdesk to obtain a Yubikey. First time access: * [[lion:2fa:enroll|Enroll in Duo]] to setup Multi Factor Authentication =====Regular use of 2FA===== ====WEB access==== Web sites that require 2FA use the DUO enrolled information to provide [[lion:2fa:webaccess|normal access to the Web site after you have provided your 2FA credentials]]. ====Console or Remote Desktop login==== For details how to login to your desktop click [[lion:2fa:console|here]]. ====VPN==== VPN allows your home desktop or laptop to become part of the Physics Computer network. This will be the new way to connect to local Physics services (Tunnelier will be discontinued). * [[lion:2fa:vpn|How to use VPN and 2FA]] * [[lion:2fa:oldvpn| Convert previously configured VPN to use 2FA]] * [[lion:2fa:rdp_via_vpn|Remote Desktop access via VPN (and 2FA)]] ====SSH==== [[:lion:2fa:ssh|Using ssh in a 2FA environment]] ---- =====2FA Problems====== ====Loss of or damaged to Smart Phone or YubiKey==== It might happen that you loose your smart phone or yubikey, or otherwise may be deprived of your secret key. In that case you need to perform the following actions to reset 2FA in the given order: * Contact the Physics helpdesk * Reset your password * Re-initiate the 2FA process as described above in the 'First Time Access' section ====Secret is compromised==== You need to perform the following actions, in the given order, to reset 2FA and get a new key: * Contact the Physics helpdesk * Reset your password * Re-initiate the 2FA process as described above in the 'First Time Access' section