User Tools

Site Tools


lion:2fa

Two-factor Authentication @ LION

Please read this document carefully or start from here

Introduction

The process of implementing 2FA @ LION will take some time, and has the below timeline (provided everything works out as planned).

Timeline

  • 2FA is already activated for Webmail,
  • Tuesday September 21, 2FA will be activated for Windows Desktop login, Remote console access.
    • During these weeks TOO and LIS desktops will be activated
  • Three week later (Tuesday October 12) the VPN service will be 2FA enabled.
  • One week later (Tuesday October 17) the ssh servers will require 2FA
  • During the second half of October all issues should be resolved and then LION will be fully 2FA compliant.

Working with 2FA

Below we describe in detail how to work with 2FA. It is quite straight forward once you get the hang of it.

First Time Access

Before you can use 2FA we and you need to setup a few things.

  • You should own a Smart Phone or own/obtain a YubiKey from the IT department: Since during the 2FA process you need to generate passcodes (a six digit number) automatically based on a secret key, or enable push authentication you and the 2FA system have exchanged, you need a device to perform this action. This device can either be an app on a Smart Phone or a YubiKey hardware device. If you don not own a Smart Phine or cannot use that for any reason, contact the Physics IT Helpdesk to obtain a Yubikey.

First time access:

Regular use of 2FA

WEB access

Web sites that require 2FA use the DUO enrolled information to provide normal access to the Web site after you have provided your 2FA credentials.

Console or Remote Desktop login

For details how to login to your desktop click here.

VPN

VPN allows your home desktop or laptop to become part of the Physics Computer network. This will be the new way to connect to local Physics services (Tunnelier will be discontinued).

SSH

2FA Problems

Loss of or damaged to Smart Phone or YubiKey

It might happen that you loose your smart phone or yubikey, or otherwise may be deprived of your secret key. In that case you need to perform the following actions to reset 2FA in the given order:

  • Contact the Physics helpdesk
  • Reset your password
  • Re-initiate the 2FA process as described above in the 'First Time Access' section

Secret is compromised

You need to perform the following actions, in the given order, to reset 2FA and get a new key:

  • Contact the Physics helpdesk
  • Reset your password
  • Re-initiate the 2FA process as described above in the 'First Time Access' section
lion/2fa.txt · Last modified: 2021/09/22 11:26 by deul