Two-factor Authentication @ LION
Please read this document carefully or start from here
The process of implementing 2FA @ LION will take some time, and has the below timeline (provided everything works out as planned).
2FA is already activated for Webmail,
Tuesday September 21, 2FA will be activated for Windows Desktop login, Remote console access.
Three week later (Tuesday October 12) the VPN service will be 2FA enabled.
One week later (Tuesday October 17) the ssh servers will require 2FA
During the second half of October all issues should be resolved and then LION will be fully 2FA compliant.
Working with 2FA
Below we describe in detail how to work with 2FA. It is quite straight forward once you get the hang of it.
First Time Access
Before you can use 2FA we and you need to setup a few things.
You should own a Smart Phone or own/obtain a YubiKey from the IT department: Since during the 2FA process you need to generate passcodes (a six digit number) automatically based on a secret key, or enable push authentication you and the 2FA system have exchanged, you need a device to perform this action. This device can either be an app on a Smart Phone or a YubiKey hardware device. If you don not own a Smart Phine or cannot use that for any reason, contact the Physics IT Helpdesk to obtain a Yubikey.
First time access:
Regular use of 2FA
Console or Remote Desktop login
For details how to login to your desktop click here.
VPN allows your home desktop or laptop to become part of the Physics Computer network. This will be the new way to connect to local Physics services (Tunnelier will be discontinued).
Loss of or damaged to Smart Phone or YubiKey
It might happen that you loose your smart phone or yubikey, or otherwise may be deprived of your secret key. In that case you need to perform the following actions to reset 2FA in the given order:
Secret is compromised
You need to perform the following actions, in the given order, to reset 2FA and get a new key: