Viewable by the world

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 61 Next »

What is Multi-Factor Authentication? 

Single factor authentication, such as typing a password, is increasingly insufficient protection for online accounts. The combination of phishing, malware, and brute-force guessing present a formidable threat to single factor authentication.  

Multi-Factor Authentication (MFA) requires more than one factor to authenticate.  Most commonly, MFA requires typing a password (first factor) and entering a one-time code (second factor) generated by a device, such as Google Authenticator on your phone.   With MFA, an attacker will not be able access your account simply by knowing your password.  The attacker must also have the device capable of generating a code, a much more difficult task.  

How to use MFA at Berkeley Lab?

MFA at Berkeley Lab enables you to have a second factor protecting your Lab account. When you login into enterprise applications (behind the Shibboleth Single Sign-On), you will first be prompted for username and password then prompted for a one-time code, as follows:


     


Most people already use MFA at Berkeley Lab and/or to secure their personal accounts. It is highly effective at preventing unauthorized access to your accounts. 

If you are a member of an Operations division, MFA was required to login Berkeley Lab enterprise applications (Gmail, LETS, FMS, etc.) in May 2018

If you are a member of a Scientific division, you can opt-in to use MFA for Berkeley Lab enterprise applications beginning September 2018.

MFA Frequently Asked Questions (FAQ) 

  1. How do I opt-in to MFA?
  2. How can I manage my Google Authenticator MFA tokens?
  3. How do I manage my Yubikey MFA tokens? (Operations Only)
  4. I lost my MFA token and can't login?

Other MFA resources

If you have questions regarding MFA enrollment, please submit a help ticket or contact the IT Help Desk at 4357. 





  • No labels