Protect your Lab Identity with Multi Factor Authentication

We’ve all heard the stories about major data breaches at some of the largest online businesses.  3 billion Yahoo customers had their usernames and passwords compromised leaving those users vulnerable to hackers. Target was breached in 2013, exposing the information of 41 million customers.

A strong password is no longer enough to protect you and your data. Multi Factor Authentication (MFA) provides a second layer of security beyond your username and password. Think of it this way: your username and password are “something you know.” MFA requires both “something you know” and “something you have.” At Berkeley Lab, the “something you have” is a physical token that will generate a unique one-time password (OTP). Under MFA, a hacker who has your credentials still can’t access your account, because they lack “the something you have.”

Berkeley Lab has implemented MFA protection for your Berkeley Lab Identity. As a computing best practice and to help protect you against credential theft, you can choose to add MFA protection for your Single-Sign-On (SSO) logins, such as Gmail, Google Calendar, Google Team Drive, LETS, HRIS, etc.

To adopt MFA for your account, follow these simple steps:

  1. Update your Notification Information at https://password.lbl.gov

  2. Set up Google Authenticator

  3. Get a YubiKey token by either

    1. submitting a ticket to help@lbl.gov
      -or-

    2. attending an IT workshop in your area

  4. Enable MFA by checking “Opt-in to MFA” at https://identity.lbl.gov/mfa/


Detailed instructions are available in the Multi Factor Authentication Instructions page.

For additional help, create a ticket by emailing help@lbl.gov.

Related Sites