Multifactor Authentication at TACC
TACC is now implementing Multi-Factor Authentication (MFA) as an additional security measure when accessing resources. MFA will become mandatory on September 27, 2016 and will be required to access all TACC resources. To set up MFA pairing at TACC, proceed directly to the TACC pairing page.
Authentication is the process of determining if you are you. Traditional methods of associating a user account with a single password have not been 100% successful. Multi-Factor Authentication (MFA) requires another step, or "factor", in the authenticaton process. In addition to the usual password users must complete authentication using another device unique to them, usually the user's mobile phone/device. TACC offers another device, the TACC Hard Token, as another authentication factor.
Click "Pair a Device" to get to the TACC device pairing page. Here you'll be presented with three different pairing methods. Users may authenticate with one and only one method. It's easy to pair and unpair using either of the first two methods.
TACC offers three methods of authentication (pairing). Pairing methods are mutually exclusive. Select one of the following pairing methods:
Users without (and with) smartphone devices may enable multi-factor authentication with SMS, standard text messaging.
A TACC Hard Token is a physical device, similar to a fob (see Figure 7). This device is another unique-to-the-user device that serves as another pairing method.
Follow the three steps below to pair your smartphone with the TACC Token App.
- Download and install the TACC Token App on your iPhone or Android device.
2. Press the "Use the TACC Token App to pair" button on the portal (Figure 2. above). A personalized QR code will be generated on your computer screen as in Figure 4. below.
3. Open the TACC Token App on your device. Your smartphone screen should appear similar to Figure 5a. Tap the "+" in the lower right corner of the app to start the pairing process. The app will launch the smartphone's camera. Scan the generated QR code on your computer screen. Do not scan the image on this tutorial's page.
TACC users who do not (or do) have smartphone devices may set up multi-factor authentication using standard SMS messaging.
When logging into a TACC resource you'll be prompted for your standard password, and then prompted for a "TACC Token Code". At this point a text message will be sent to your phone with a unique six-digit code. Enter this code at the prompt.
This token code is valid for this login session only and cannot be re-used. Please note that it may take up to 60 seconds for the text to reach you. We advise you to clear out your text messages in order to avoid confusion during future logins.
Users have the third choice of pairing using the TACC Hard Token, a fob-sized device that generates random numbers. The TACC Hard Tokens are available for purchase for $25 at the UT store. Users who do not have a UT EID may "checkout as guest". TACC will cover cost of shipping the token to the user's specified address.
Once you've received the TACC Hard Token, enter the token's serial number (on the back of the fob) on the portal pairing page, followed by clicking "next", and then entering the current 6-digit rolling token code shown on your screen.
Users located outside the U.S. must pair using either the TACC Token App or TACC Hard Token methods. Because the cost associated with sending multiple international text messages is prohibitive, international users may NOT set up multi-factor authentication with SMS.
Travelers who may experience intermittent wifi or internet access should also pair using either the TACC Token App or TACC Hard Token methods.
A typical login session will look something like this:
localhost$ ssh -l username stampede.tacc.utexas.edu Password: SMS Submitted TACC Token Code: Last login: Tue Aug 16 09:41:46 2016 from 18.104.22.168 ------------------------------------------------------------------------------ Welcome to the Stampede Supercomputer Texas Advanced Computing Center, The University of Texas at Austin ------------------------------------------------------------------------------ ... login3.stampede(1)$
After typing in your password, you'll be prompted for "
TACC Token Code:". At this point, turn to your device/phone.
If you've paired with SMS, you'll receive a text message containing a six digit verification code (figure 9a). Enter this code at the
TACC Token Code:prompt. Please note that it may take up to 60 seconds for the text containing the token code to reach you. Each token code is valid for one login only and cannot be re-used.
If you've paired with the TACC Token App, open the app and the enter the six-digit number currently being displayed. If you mis-type the number, just wait till the app cycles (every 30-60 seconds) and try again with the next number (figure 9b).
Users who have paired using either of the first two methods, TACC Token App or SMS, may unpair using an automated process. Users who have paired with the TACC Hard Token cannot unpair without staff help. These users must submit a support ticket to unpair with the hard token.
Otherwise, to unpair your device, sign into the TACC User Portal and click on "Manage Profile". Depending upon the method of pairing you'll see a message similar to Figure 9. Click on the red subtract symbol to begin the unpairing process.
On the next screen (Figure 10.) you'll be asked to to confirm the unpairing. Similar to the pairing process, you must verify unpairing by entering the token code when prompted. If you've lost access to the device you originally paired with, you may unpair using email notification.
Last update: December 12, 2016