Last update: November 17, 2021
TACC requires Multi-Factor Authentication (MFA) as an additional security measure when accessing the compute and storage resources. To set up MFA pairing at TACC on your approved account, proceed directly to the TACC pairing page.
Authentication is the process of determining if you are you. Traditional methods of associating a user account with a single password have not been 100% successful. Multi-Factor Authentication (MFA) requires another step, or "factor", in the authenticaton process. In addition to the usual password users must complete authentication using another device unique to them, usually the user's mobile phone/device.
If you are trying to set up MFA on a new account, you will not be able to generate a QR Code until after your account request is accepted by TACC Staff. Account requests are usually approved within 24 hours.
Click "Pair a Device" to get to the TACC device pairing page. Here you'll be presented with two different pairing methods. Users may authenticate with one and only one method. It's easy to pair and unpair using either of the first two methods.
TACC offers two mutually exclusive authentication (pairing) methods.
Users without (and with) smartphone devices may enable multi-factor authentication with SMS, standard text messaging.
Download and install your preferred MFA App on your Apple IOS or Android device, then follow the app instructions to pair your mobile device. Table 1. features a few of the more popular applications along with links to the respective Apple App and Google Play stores.
|Operating System||MFA Authentication Apps|
|IOS / Apple devices |
Apple App Store
|Duo⇗ 1Password⇗ Google Authenticator⇗|
|Duo⇗ 1Password⇗ Google Authenticator⇗|
TACC users who do not (or do) have mobile device devices may set up multi-factor authentication using standard SMS messaging.
When logging into a TACC resource you'll be prompted for your standard password, and then prompted for a "TACC Token Code". At this point a text message will be sent to your phone with a unique six-digit code. Enter this code at the prompt.
This token code is valid for this login session only and cannot be re-used. It may take up to 60 seconds for the text to reach you. We advise you to clear out your text messages in order to avoid confusion during future logins.
Here we demonstrate pairing with the TACC Token App, though you may use any any MFA app you like.
Begin by pressing the "Use Your Preferred Authenticator App to Pair" button on the portal (Figure 2. above). A personalized QR code will be generated on your computer screen as in Figure 4. below.
3. Open the TACC Token App on your device. Your mobile device screen should appear similar to Figure 5a. Tap the "+" in the lower right corner of the app to start the pairing process. The app will launch the mobile device's camera. Scan the generated QR code on your computer screen. Do not scan the image on this tutorial's page.
A typical login session will look something like this:
localhost$ ssh firstname.lastname@example.org To access the system: 1) If not using ssh-keys, please enter your TACC password at the password prompt 2) At the TACC Token prompt, enter your 6-digit code followed by
. Password: TACC Token Code: Last login: Mon Nov 1 18:42:37 2021 from 220.127.116.11 ------------------------------------------------------------------------------ Welcome to the Maverick2 Supercomputer Texas Advanced Computing Center, The University of Texas at Austin ------------------------------------------------------------------------------ ... login1.maverick2(399)$
After typing in your password, you'll be prompted for "
TACC Token Code:". At this point, turn to your mobile device/phone.
If you've paired with the TACC Token App, open the app and the enter the six-digit number currently being displayed. If you mis-type the number, just wait till the app cycles (every 30-60 seconds) and try again with the next number (figure 9b).
If you've paired with SMS, you'll receive a text message containing a six digit verification code (figure 9a). Enter this code at the
TACC Token Code:prompt. Please note that it may take up to 60 seconds for the text containing the token code to reach you. Each token code is valid for one login only and cannot be re-used.
Users located outside the U.S. must pair using a Multi-Factor Authentication app of your choice. Because the cost associated with sending multiple international text messages is prohibitive, international users may NOT set up multi-factor authentication with SMS.
To unpair your device, sign into the TACC User Portal and click on "Manage Profile". Depending upon the method of pairing you'll see a message similar to Figure 7. Click on the red subtract symbol to begin the unpairing process.
On the next screen (Figure 8.) you'll be asked to to confirm the unpairing. Similar to the pairing process, you must verify unpairing by entering the token code when prompted. If you've lost access to the device you originally paired with, you may unpair using email notification.