What is Multi-Factor Authentication?
Single factor authentication, such as typing a password, is increasingly insufficient protection for online accounts. The combination of phishing, malware, and brute-force guessing present a formidable threat to single factor authentication.
Multi-Factor Authentication (MFA) requires more than one factor to authenticate. Most commonly, MFA requires typing a password (first factor) and entering a one-time code (second factor) generated by a device, such as Google Authenticator on your phone. With MFA, an attacker will not be able access your account simply by knowing your password. The attacker must also have the device capable of generating a code, a much more difficult task.
How to use MFA at Berkeley Lab?
When using MFA at Berkeley Lab, after entering your username and password you will be prompted for a one-time code, as follows:
Most people already use MFA at Berkeley Lab and/or to secure their personal accounts.
If you are a member of an Operations division, MFA was required to login Berkeley Lab enterprise applications (Gmail, LETS, FMS, etc.) in May 2018
If you are a member of a Scientific division, you can opt-in to use MFA for Berkeley Lab enterprise applications beginning September 2018.
MFA Frequently Asked Questions (FAQ)
- How do I opt-in to MFA?
- How can I manage my Google Authenticator MFA tokens?
- How do I manage my Yubikey MFA tokens? (Operations Only)
- I lost my MFA token and can't login?
Other MFA resources
- MFA for FMS and HRIS - MFA users, both required and opt-in, must use MFA to authenticate to FMS and HRIS.
- MFA for Windows Workstations (Operations Divisions only) - Operations users logging into Windows Active Directory computers must use MFA.
- MFA for Privileged Accounts (IT Division only) - Privileged accounts used for IT infrastructure management must use MFA
- Lawrencium HPC Cluster - MFA for HPCS Clusters
If you have questions regarding MFA enrollment, please submit a help ticket or contact the IT Help Desk at 4357.