Viewable by the world
Group Access to IT Frequently Asked Questions (FAQ)
Can VIEW the space: itfaq-editors ,  anonymous ,  itfaq-MFA-EDITORS ,  itfaq-itss ,  all-lbnl-users ,  mpsg-staff ,  itfaq-editors-lite ,  mpsg-mpsg-helpdesk ,  google-collab-documentation-management , 
Can EDIT the space: itfaq-editors-lite ,  itfaq-editors ,  mpsg-staff ,  google-collab-documentation-management ,  mpsg-mpsg-helpdesk , 
Can ADMINISTER the space:

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

MFA Help Pages:

Children Display
depth3


Info

MFA is highly effective at preventing unauthorized access to your accounts. With MFA, an attacker will not be able access your account simply by stealing your password.  The attacker must also steal your phone or Yubikey to access your account.

Use of MFA is mandatory for all LBL staff and affiliates after 9 December 2019.

What are my options to set up Multi-Factor Authentication?

  • Self-Service Google Authenticator setup:
  • Walk-in support with IT:
    • Desktop Support is located at 46-125 between the hours of 8:00 AM and 5:00 PM. Yubikeys are $50 and you must provide a Project ID. There is no additional charge for Google Authenticator but you must bring your smartphone with you to 46-125.
  • On-site support with IT:
    • If on-site support is required, the hourly rate for technician work is $100/hour including travel time and ticket processing time. Yubikeys are an additional $50. You must provide a Project ID before a technician will be sent out. There is no additional charge for Google Authenticator but you must have your smartphone with you.

What exactly is Multi-Factor Authentication? 

Single-factor authentication, such as typing a password, is increasingly an insufficient protection for online accounts. The combination of phishing, malware, and brute-force guessing presents a formidable threat to single-factor authentication.  Unauthorized access to your account can have significant harm, both to you personally (financial harm for example) and to the mission and reputation of Berkeley Lab.  

Multi-factor authentication (MFA) requires more than one factor to authenticate. Most commonly, MFA requires typing a password (first factor) and entering a one-time code (second factor) generated by Google Authenticator on your phone or a Yubikey plugged into your computer.   


MFA at Berkeley Lab enables you to have a second factor protecting your Lab account. When you log into enterprise applications (behind the Shibboleth Single Sign-On), you will first be prompted for a username and password and then a one-time code.

Image Added     Image Added


If you have questions regarding MFA, please submit a help ticket or contact the IT Help Desk at 4357. 

Pop away

What is multi-factor authentication? 

Multi-factor authentication is method where a user is granted access to a resource once they have provided several separate pieces of evidence proving who they are. For example, think about accessing your bank accounts via an ATM machine. To prove to the bank who you are and that you can have access to your bank account, you insert your ATM card (something you have) and enter your PIN number (something you know). You have provided the bank with two forms of authentication enabling the bank to give you access to your accounts.

Why use multi-factor authentication? 

Plain and simple, to secure resources against unauthorized personnel.

Multi-factor Authentication at Berkeley Lab

IT at Berkeley Lab has initiated multi-factor authenticaion in a few implementations this last year. They are:

...