Doc::MFA: Difference between revisions

From Computer Science Wiki
Carnold (talk | contribs)
m Protected "Doc::MFA" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
Carnold (talk | contribs)
(5 intermediate revisions by the same user not shown)
Line 2: Line 2:


== Introduction ==
== Introduction ==
Computer Science login using a simple form of multi-factor authentication (MFA) by sending a one time use token (OTP) to an email address that you have configured.  Most all cell phone carriers provide a way to receive an email as a text message so you can set up your CS MFA to utilize your phone to authenticate.
Computer Science login using a simple form of multi-factor authentication (MFA) by sending a one time use token (OTP) to an email address that you have configured.  Most all cell phone carriers provide a way to receive an email as a text message so you can set up your CS MFA to utilize your cell phone to authenticate.  The OTP can only be used once, additionally the OTP is only valid for 5 minutes.  You can "resend" the token if you run out of time.


== Change your CS MFA email address ==
== Change your CS MFA email address ==
Line 8: Line 8:
By default, CS MFA uses your "preferred" email address that is configured in your profile.  If you set the "MFA Email" field in your profile, then it will use that address instead.  Use caution when changing your MFA email, you could lock yourself out of your CS account if the address does not work.  You should leave your profile page open, and then in a new "Private/Incognito" browser go to https://2fa.admin.cs.vt.edu to test your change, and make sure you can log in.
By default, CS MFA uses your "preferred" email address that is configured in your profile.  If you set the "MFA Email" field in your profile, then it will use that address instead.  Use caution when changing your MFA email, you could lock yourself out of your CS account if the address does not work.  You should leave your profile page open, and then in a new "Private/Incognito" browser go to https://2fa.admin.cs.vt.edu to test your change, and make sure you can log in.


== Email to MMS ==
== Email to SMS ==
Most all major cell providers offer a service that will receive a text message from a special email address.  For example, if the phone number is 123-456-7890 and the carrier is AT&T, the email address is <code>1234567890@txt.att.net</code>.  Even 3rd party cell providers will use the network's gateway address.  For example, Visible and Total Wireless both run on the Verizon network and would use the @vtext.com address.
Most all major cell providers offer a service that will receive a text message from a special email address.  For example, if the phone number is 123-456-7890 and the carrier is AT&T, the email address is <code>1234567890@txt.att.net</code>.  Even 3rd party cell providers will use the network's gateway address.  For example, Visible and Total Wireless both run on the Verizon network and would use the @vtext.com address.


Line 29: Line 29:
|}
|}
Don’t know your carrier? Use a website like https://freecarrierlookup.com/ to look it up.
Don’t know your carrier? Use a website like https://freecarrierlookup.com/ to look it up.
== Trusted Devices ==
After you successfully log in with CS MFA, you have the option to remember the device for a certain amount of time.  This means CS MFA won't ask you to enter your OTP again from this specific "device" until it expires.  You should only do this on machines that you trust, such as your desktop/laptop.  The "device" is specific to the machine and browser that you are using.  For example, if you have Firefox on your laptop saved as a trusted device, then you log in from Chrome on the same machine, it will still ask for your OTP.


== Tips ==
== Tips ==
* Be sure not use a MFA email address that is accessible from your CS account.  For example, do not use <pid>@cs.vt.edu or <pid>@vt.edu that forwards to your <pid>@cs.vt.edu address.  If a hacker got your password, then they could login to your email to retrieve the OTP.
* Be sure not use a MFA email address that is accessible from your CS account.  For example, do not use <code><pid>@cs.vt.edu</code> or <code><pid>@vt.edu</code> that forwards to your <code><pid>@cs.vt.edu</code> address.  If a hacker got your password, then they could login to your email to retrieve the OTP.
* The OTP is formatted such as <code>CASMFA-123456</code>  Entering the "CASMFA-" part is optional.  You can save time by just entering the numbers.
* The OTP is formatted such as <code>CASMFA-123456</code>  Entering the "CASMFA-" part is optional.  You can save time by just entering the numbers.
* You can enter multiple addresses by separating them with commasThis is a good way to add redundancy.
* Your MFA email can only be a single addressIf you want to use multiple email addresses for redundancy, then Techstaff can create an email alias that can go to multiple addresses.
* Use caution when updating your MFA email address, you can accidentally lock yourself out of your account.  Test your change in a private/incognito window before closing your profile page.
* Use caution when updating your MFA email address, you can accidentally lock yourself out of your account.  Test your change in a private/incognito window before closing your profile page.
* As a fail-safe, you can login into your CS account without MFA if you are connected to the VT VPN.
* As a fail-safe, you can login into your CS account without MFA if you are connected to the VT VPN.
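Review bot: The first Tips bullet still reads "Be sure not use a MFA email address" on both sides of this change; since that line is already being edited to add the code tags, correct it to "Be sure not to use an MFA email address". The unchanged fail-safe bullet has the same kind of slip: "login into" should be "log in to".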

Revision as of 16:14, 14 February 2023

Computer Science Multi-factor Authentication

Introduction

Computer Science login uses a simple form of multi-factor authentication (MFA) that sends a one-time-use token (OTP) to an email address that you have configured. Most cell phone carriers provide a way to receive an email as a text message, so you can set up your CS MFA to use your cell phone to authenticate. The OTP can only be used once and is only valid for 5 minutes. You can "resend" the token if you run out of time.

Change your CS MFA email address

By default, CS MFA uses the "preferred" email address that is configured in your profile. If you set the "MFA Email" field in your profile, it will use that address instead. Use caution when changing your MFA email: you could lock yourself out of your CS account if the address does not work. Leave your profile page open, then in a new "Private/Incognito" browser window go to https://2fa.admin.cs.vt.edu to test your change and make sure you can log in.

Email to SMS

Most major cell providers offer a gateway that delivers email sent to a special address as a text message. For example, if the phone number is 123-456-7890 and the carrier is AT&T, the email address is 1234567890@txt.att.net. Third-party cell providers use the gateway address of the network they run on. For example, Visible and Total Wireless both run on the Verizon network and would use the @vtext.com address.

Here are the SMS and MMS gateways for the major carriers in the United States.

Carrier            SMS Gateway                 MMS Gateway
AT&T               @txt.att.net                @mms.att.net
Boost Mobile       @sms.myboostmobile.com      @myboostmobile.com
Cricket Wireless   @sms.cricketwireless.net    @mms.cricketwireless.net
T-Mobile           @tmomail.net                @tmomail.net
UScellular         @email.uscc.net             @mms.uscc.net
Verizon            @vtext.com                  @vzwpix.com

Don’t know your carrier? Use a website like https://freecarrierlookup.com/ to look it up.

Trusted Devices

After you successfully log in with CS MFA, you have the option to remember the device for a certain amount of time. This means CS MFA won't ask you to enter your OTP again from this specific "device" until it expires. You should only do this on machines that you trust, such as your desktop/laptop. The "device" is specific to the machine and browser that you are using. For example, if you have Firefox on your laptop saved as a trusted device, then you log in from Chrome on the same machine, it will still ask for your OTP.

Tips

  • Be sure not to use an MFA email address that is accessible from your CS account. For example, do not use <pid>@cs.vt.edu, or a <pid>@vt.edu address that forwards to your <pid>@cs.vt.edu address. If a hacker got your password, they could log in to your email to retrieve the OTP.
  • The OTP is formatted like CASMFA-123456. Entering the "CASMFA-" part is optional. You can save time by just entering the numbers.
  • Your MFA email can only be a single address. If you want to use multiple email addresses for redundancy, Techstaff can create an email alias that goes to multiple addresses.
  • Use caution when updating your MFA email address: you can accidentally lock yourself out of your account. Test your change in a private/incognito window before closing your profile page.
  • As a fail-safe, you can log in to your CS account without MFA if you are connected to the VT VPN.
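
The OTP rules described in the Introduction and Tips (single use, 5-minute validity, optional "CASMFA-" prefix) can be modelled as below. This is an added example, not the CS MFA service's own code; the OtpStore class, the 6-digit length (taken from the sample token), the attempt limit and the resend-replaces-old-token behaviour are assumptions.

```python
import hmac
import re
import secrets
import time

OTP_PREFIX = "CASMFA-"     # prefix from the page; optional when entering
OTP_TTL_SECONDS = 5 * 60   # page: the OTP is only valid for 5 minutes
OTP_DIGITS = 6             # assumption, taken from the sample CASMFA-123456
MAX_ATTEMPTS = 5           # assumption: guess limit, not stated on the page


def normalize(entered):
    """Strip whitespace and the optional prefix; None unless N digits remain."""
    text = entered.strip()
    if text[:len(OTP_PREFIX)].upper() == OTP_PREFIX:
        text = text[len(OTP_PREFIX):]
    return text if re.fullmatch(rf"[0-9]{{{OTP_DIGITS}}}", text) else None


class OtpStore:
    """Hypothetical in-memory store holding one pending OTP per user."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [digits, expiry timestamp, attempts left]

    def issue(self, user):
        """Send or resend: assumed here to replace any earlier token."""
        digits = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = [digits, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return OTP_PREFIX + digits  # the string that would be emailed

    def verify(self, user, entered):
        """Return True exactly once for a correct, unexpired token."""
        record = self._pending.get(user)
        candidate = normalize(entered)
        if record is None or candidate is None:
            return False
        digits, expires_at, _ = record
        if self._clock() > expires_at:
            del self._pending[user]          # expired: user must resend
            return False
        if not hmac.compare_digest(candidate, digits):
            record[2] -= 1                   # wrong guess burns an attempt
            if record[2] <= 0:
                del self._pending[user]
            return False
        del self._pending[user]              # single use: consume on success
        return True
```

The token is generated with the secrets module and compared with hmac.compare_digest so that neither prediction nor response timing helps someone guessing the six digits.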