[Bi-users] Two-factor authentication for Bi
Kent Engström
kent at nsc.liu.se
Tue Nov 2 17:38:18 CET 2021
Dear Bi Users,
as you may have heard already from you user representatives, we are
now enabling two-factor authentication ("2FA") on Bi, using the same
method we are already using for our academic clusters Tetralith and
Sigma: TOTP, a six-digit time-dependent code you get from an app
(typically on your smartphone).
First, let us tell you when you will not have to use two-factor
authentication:
- You will not have to use it when you login to Bi from SMHI. This
includes the SMHI VPN.
- You will not have to use it when you login to Bi from ECMWF, or from
the login nodes on Stratus and Cirrus.
- If you have an automated workflow initiated from elsewhere, you can
register a special SSH key for "unattended logins" as per
https://www.nsc.liu.se/support/2fa/unattended-logins/
This means that you will use two-factor authentication only when you
login from home, on travel etc and do not use the SMHI VPN, and when
you login from other clusters, servers etc outside of SMHI using your
normal SSH key or password.
Also, until 2021-12-01, two-factor is voluntary: only when you
register for it at https://nim.nsc.liu.se/express/request_totp/bi will
you be required to use it (with the above exceptions).
>From 2021-12-01, logins that do not match the exceptions above will
fail if you have not registered for two-factor authentication.
You can read more about the two-factor authentication at:
https://www.nsc.liu.se/support/2fa/
The page most relevant to existing Bi users is:
https://www.nsc.liu.se/support/2fa/migration/
Best Regards,
--
Kent Engström, National Supercomputer Centre
kent at nsc.liu.se, +46 13 28 4444
More information about the Bi-users
mailing list