Doc::MFA
Computer Science Multi-factor Authentication
Introduction
Computer Science login using a simple form of multi-factor authentication (MFA) by sending a one time use token (OTP) to an email address that you have configured. Most all cell phone carriers provide a way to receive an email as a text message so you can set up your CS MFA to utilize your cell phone to authenticate. The OTP can only be used once, additionally the OTP is only valid for 5 minutes. You can "resend" the token if you run out of time.
Change your CS MFA email address
- Your CS Profile: https://admin.cs.vt.edu/my-profile/
By default, CS MFA uses your "preferred" email address that is configured in your profile. If you set the "MFA Email" field in your profile, then it will use that address instead. Use caution when changing your MFA email, you could lock yourself out of your CS account if the address does not work. You should leave your profile page open, and then in a new "Private/Incognito" browser go to https://2fa.admin.cs.vt.edu to test your change, and make sure you can log in.
Email to SMS
Most all major cell providers offer a service that will receive a text message from a special email address. For example, if the phone number is 123-456-7890 and the carrier is AT&T, the email address is 1234567890@txt.att.net. Even 3rd party cell providers will use the network's gateway address. For example, Visible and Total Wireless both run on the Verizon network and would use the @vtext.com address.
| Carrier | SMS Gateway | MMS Gateway |
|---|---|---|
| AT&T | @txt.att.net | @mms.att.net |
| Boost Mobile | @sms.myboostmobile.com | @myboostmobile.com |
| Cricket Wireless | @sms.cricketwireless.net | @mms.cricketwireless.net |
| T-Mobile | @tmomail.net | @tmomail.net |
| UScellular | @email.uscc.net | @mms.uscc.net |
| Verizon | @vtext.com | @vzwpix.com |
Don’t know your carrier? Use a website like https://freecarrierlookup.com/ to look it up.
Trusted Devices
After you successfully log in with CS MFA, you have the option to remember the device for a certain amount of time. This means CS MFA won't ask you to enter your OTP again from this specific "device" until it expires. You should only do this on machines that you trust, such as your desktop/laptop. The "device" is specific to the machine and browser that you are using. For example, if you have Firefox on your laptop saved as a trusted device, then you log in from Chrome on the same machine, it will still ask for your OTP.
Tips
- Be sure not use a MFA email address that is accessible from your CS account. For example, do not use
<pid>@cs.vt.eduor<pid>@vt.eduthat forwards to your<pid>@cs.vt.eduaddress. If a hacker got your password, then they could login to your email to retrieve the OTP. - The OTP is formatted such as
CASMFA-123456Entering the "CASMFA-" part is optional. You can save time by just entering the numbers. - Your MFA email can only be a single address. If you want to use multiple email addresses for redundancy, then Techstaff can create an email alias that can go to multiple addresses.
- Use caution when updating your MFA email address, you can accidentally lock yourself out of your account. Test your change in a private/incognito window before closing your profile page.
- As a fail-safe, you can login into your CS account without MFA if you are connected to the VT VPN.