Multifactor authentication
This is not a complete article: This is a draft, a work in progress that is intended to be published into an article, which may or may not be ready for inclusion in the main wiki. It should not necessarily be considered factual or authoritative.
Multifactor authentication (MFA) allows you to protect your account with more than a password. Once your account is enrolled in MFA, you will be prompted for a second action in addition to your password. This action could be accepting a notification on your phone (Duo Push), entering a 6-digit time-based code, entering a single-use bypass code, or pressing the button on a YubiKey hardware key. This second factor will be required when connecting to many of our services. Note that while we are deploying this, not all of our services may support it, but our goal is to protect most of our services with MFA in the near future.
Registering multiple factors
When you enable MFA for your account, we strongly recommend that you configure at least two second-factor options. For example, you can use a phone and single-use codes, a phone and a hardware key, or two hardware keys. This ensures that if you lose one factor, you can still use the other one to access your account.
Using a smart phone
TODO
Using a YubiKey hardware key
YubiKeys are hardware tokens made by the company Yubico. They are about the size of a small USB stick, and different models support different ports: depending on the model, they connect to a USB-A, USB-C, or Lightning port. Some models also support near field communication (NFC) for use with your phone or tablet. To figure out which one best suits your needs, consult this page. They cost between 50$ and 100$, and they are the best option if you do not want to use a smart phone or do not have one. They are also the best option if you are often in situations where using your phone is not possible.
YubiKeys support multiple authentication protocols that are commonly used for web authentication, such as WebAuthn, FIDO2, and U2F. However, the one protocol that works with the SSH connections used on our clusters is called Yubico One Time Password (OTP). When using Yubico OTP, pressing the button on the key will write a long string of characters looking like vvcccbhbndkglanfhevnricjdvftcfugdtjeflgrhenr, which will act as your second factor.
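The structure of that string, as an added example that is not part of the original page or of our cluster tooling: it splits an OTP into the key's fixed public ID and the one-time encrypted part, and masks the one-time part when an OTP ends up somewhere it should not (a chat window, a support ticket, a shell history). It assumes the default 44-character format (12 ModHex characters of public ID followed by 32 of encrypted token); the function names and the sample OTP are constructed for illustration.

```python
import re

# ModHex: Yubico's 16-character alphabet, chosen so the key types the same
# characters on most keyboard layouts. Position in this string = nibble value.
MODHEX = "cbdefghijklnrtuv"
PUBLIC_ID_LEN = 12   # default-length public ID (6 bytes); an assumption here
TOKEN_LEN = 32       # 16 encrypted bytes, ModHex-encoded
OTP_RE = re.compile(rf"(?<![a-z])[{MODHEX}]{{{PUBLIC_ID_LEN + TOKEN_LEN}}}(?![a-z])")


def modhex_decode(s: str) -> bytes:
    """Decode a ModHex string to raw bytes."""
    if len(s) % 2:
        raise ValueError("ModHex string must have an even length")
    try:
        nibbles = [MODHEX.index(ch) for ch in s]
    except ValueError:
        raise ValueError("character outside the ModHex alphabet") from None
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def parse_yubico_otp(otp: str) -> tuple[str, bytes]:
    """Split an OTP into (public_id, encrypted_token_bytes).

    Format check only: deciding whether the OTP is genuine and unused is the
    job of the validation service that holds the key's secret.
    """
    otp = otp.strip().lower()
    if len(otp) != PUBLIC_ID_LEN + TOKEN_LEN:
        raise ValueError(f"expected 44 characters, got {len(otp)}")
    token = modhex_decode(otp[PUBLIC_ID_LEN:])
    modhex_decode(otp[:PUBLIC_ID_LEN])  # raises if the ID is not ModHex
    return otp[:PUBLIC_ID_LEN], token


def redact_otps(text: str) -> str:
    """Mask the one-time part of any OTP-shaped string, keeping the key ID."""
    return OTP_RE.sub(lambda m: m.group()[:PUBLIC_ID_LEN] + "[REDACTED-OTP]", text)


# Constructed sample, not emitted by a real key.
SAMPLE_OTP = "vvccccbdefgh" + "ijklnrtuvcbdefghijklnrtuvcbdefgh"
```

The public ID is the same on every press, which is what lets a service tell which key produced the OTP; only the last 32 characters change.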