What is Multi-Factor Authentication?
Single factor authentication, such as typing a password, is increasingly an insufficient protection for online accounts. The combination of phishing, malware, and brute-force guessing present a formidable threat to single factor authentication. Unauthorized access to your account can have significant harm, both to you personally (financial harm for example) and to the mission and reputation of Berkeley Lab.
Multi-Factor Authentication (MFA) requires more than one factor to authenticate. Most commonly, MFA requires typing a password (first factor) and entering a one-time code (second factor) generated by Google Authenticator on your phone or a Yubikey plugged into your computer. With MFA, an attacker will not be able access your account simply by stealing your password. The attacker must also steal your phone or Yubikey, a much more difficult task from afar.
How to use MFA at Berkeley Lab?
MFA at Berkeley Lab enables you to have a second factor protecting your Lab account. When you login into enterprise applications (behind the Shibboleth Single Sign-On), you will first be prompted for username and password then prompted for a one-time code.
Most people already use MFA at Berkeley Lab and/or to secure their personal accounts. It is highly effective at preventing unauthorized access to your accounts.
MFA Frequently Asked Questions (FAQ)
- Google Authenticator Frequently Asked Questions (FAQ)
- Yubikey Frequently Asked Questions (FAQ)
- I lost my Phone/token, how can I login?
Other MFA resources
- MFA for FMS and HRIS - Required and opt-in MFA users must also use MFA to access FMS and HRIS.
- MFA for Privileged Accounts (IT Division only) - Privileged accounts used for IT infrastructure management must use MFA
- MFA for HPCS (HPCS users only) - Users of HPCS must use MFA
If you have questions regarding MFA, please submit a help ticket or contact the IT Help Desk at 4357.