What is Multi-Factor Authentication?
Single factor authentication, such as typing a password, is increasingly an insufficient protection for online accounts. The combination of phishing, malware, and brute-force guessing present a formidable threat to single factor authentication. Unauthorized access to your account can have significant harm, both to you personally (financial harm for example) and to the mission and reputation of Berkeley Lab.
Multi-Factor Authentication (MFA) requires more than one factor to authenticate. Most commonly, MFA requires typing a password (first factor) and entering a one-time code (second factor) generated by Google Authenticator on your phone or a Yubikey plugged into your computer. With MFA, an attacker will not be able access your account simply by stealing your password. The attacker must also steal your phone or Yubikey, a much more difficult task from afar.
How to use MFA at Berkeley Lab?
MFA at Berkeley Lab enables you to have a second factor protecting your Lab account. When you login into enterprise applications (behind the Shibboleth Single Sign-On), you will first be prompted for username and password then prompted for a one-time code.
Most people already use MFA at Berkeley Lab and/or to secure their personal accounts. It is highly effective at preventing unauthorized access to your accounts.
How can I enable MFA?
- Enter/Update your account notification information, this must be on file before you can generate an MFA code, link is here.
- Install Google Authenticator, instructions are here.
- Enable MFA on your account by - Enable MFAttps://identity.lbl.gov/mfa/ and select the box to "Opt-in to MFA" to Enable MFA, then enter the authorization code.
MFA Frequently Asked Questions (FAQ)
- Google Authenticator Frequently Asked Questions (FAQ)
- Yubikey Frequently Asked Questions (FAQ)
- I lost my Phone/token, how can I login?
If you have questions regarding MFA, please submit a help ticket or contact the IT Help Desk at 4357.