MFA Help Pages:
Children Display | ||
---|---|---|
|
Info |
---|
MFA is highly effective at preventing unauthorized access to your accounts. With MFA, an attacker will not be able access your account simply by stealing your password. The attacker must also steal your phone or Yubikey to access your account. Use of MFA is mandatory for all LBL staff and affiliates after 9 December 2019. |
What are my options to set up Multi-Factor Authentication?
- Self-Service Google Authenticator setup:
- The instructions to set up Google Authenticator on your own are here: Install Google Authenticator and Setup MFA
- If you need any assistance with the setup, you can contact the IT Help Desk at x4357
- Walk-in support with IT:
- Desktop Support is located at 46-125 between the hours of 8:00 AM and 5:00 PM. Yubikeys are $50 and you must provide a Project ID. There is no additional charge for Google Authenticator but you must bring your smartphone with you to 46-125.
- On-site support with IT:
- If on-site support is required, the hourly rate for technician work is $100/hour including travel time and ticket processing time. Yubikeys are an additional $50. You must provide a Project ID before a technician will be sent out. There is no additional charge for Google Authenticator but you must have your smartphone with you.
What exactly is Multi-Factor Authentication?
Single-factor authentication, such as typing a password, is increasingly an insufficient protection for online accounts. The combination of phishing, malware, and brute-force guessing present presents a formidable threat to single-factor authentication. Unauthorized access to your account can have significant harm, both to you personally (financial harm for example) and to the mission and reputation of Berkeley Lab.
Multi-Factor Authentication factor authentication (MFA) requires more than one factor to authenticate. Most commonly, MFA requires typing a password (first factor) and entering a one-time code (second factor) generated by a device, such as Google Authenticator on you phone. With MFA, an attacker will not be able access your account simply by knowing your password. The attacker must also have the device capable of generating a code, a much more difficult tasks.
How to use MFA at Berkeley Lab?
Most people already use MFA at Berkeley Lab and/or to secure their personal accounts.
...
If you are a member of an Operations division, MFA was required to login Berkeley Lab enterprise applications (Gmail, LETS, FMS, etc.) in May 2018
If you are a member of a Scientific division, you can opt-in to use MFA for Berkeley Lab enterprise applications beginning September 2018.
MFA Frequently Asked Questions (FAQ)
- How do I opt-in to MFA?
- How can I manage my Google Authenticator MFA tokens?
- How do I manage my Yubikey MFA tokens? (Operations Only)
- I lost my MFA token and can't login?
Other MFA resources
- Multi-Factor Authentication for FMS and HRIS - MFA users, both required and opt-in, must use MFA to authenticate to FMS and HRIS.
- Multi-Factor Authentication for Windows workstations (Operations Divisions only) - Operations users logging into Windows Active Directory computers must use MFA.
- Multi-Factor Authentication for Privileged Accounts (IT Division only) - Privileged accounts used for IT infrastructure management must use MFA
- Lawrencium HPC Cluster - MFA for HPCS Clusters
your phone or a Yubikey plugged into your computer.
MFA at Berkeley Lab enables you to have a second factor protecting your Lab account. When you log into enterprise applications (behind the Shibboleth Single Sign-On), you will first be prompted for a username and password and then a one-time code.
If you have questions regarding MFA enrollment, please submit a help ticket or contact the IT Help Desk at 4357.
...