Doc::MFA: Difference between revisions
No edit summary |
No edit summary |
||
Line 8: | Line 8: | ||
== Registering Devices == | == Registering Devices == | ||
The first time you log into your account after turning MFA on, you will be prompted to register a Google Authenticator device. This is done using either a QR code or a secret key, both are display on the screen. Both the QR code and secret key are sensitive, so keep them safe! Printing the QR code is a great way to keep a hard copy backup of your MFA code. | The first time you log into your account after turning MFA on, you will be prompted to register a Google Authenticator device. This is done using either a QR code or a secret key, both are display on the screen. Both the QR code and secret key are sensitive, so keep them safe! Printing the QR code is a great way to keep a hard copy backup of your MFA code. Once you have a enter the QR or secret key into your app, click on the "Confirm" button and it will prompt you for your TOTP key. | ||
== Trusted Devices == | == Trusted Devices == |
Revision as of 10:21, 26 August 2024
Computer Science Multi-factor Authentication
Introduction
Computer Science uses Google Authenticator time based one-time password (TOTP) second factor login. See this article for more information on using the service: https://support.google.com/accounts/answer/1066447 We recommend using the official Google Authenticator app on your Android or iOS smart phone, however many apps and devices are compatible with Google TOTP. We allow and recommend registering multiple Google Authenticator devices.
Enable MFA
Currrently, participation in Computer Science MFA is optional. You can go to https://admin.cs.vt.edu/my-profile to enable or disable MFA for your CS account. Not all services currently support MFA login, for example SSH to rlogin.
Registering Devices
The first time you log into your account after turning MFA on, you will be prompted to register a Google Authenticator device. This is done using either a QR code or a secret key, both are display on the screen. Both the QR code and secret key are sensitive, so keep them safe! Printing the QR code is a great way to keep a hard copy backup of your MFA code. Once you have a enter the QR or secret key into your app, click on the "Confirm" button and it will prompt you for your TOTP key.
Trusted Devices
After you successfully log in with CS MFA, you have the option to remember the device for a certain amount of time. This means CS MFA won't ask you to enter your OTP again from this specific "device" until it expires. You should only do this on machines that you trust, such as your desktop/laptop. The "device" is specific to the machine and browser that you are using. For example, if you have Firefox on your laptop saved as a trusted device, then you log in from Chrome on the same machine, it will still ask for your OTP.
Tips
- Make sure to backup your Google Authenticator codes, and transfer them to any new phone you get
- You can use a printout of our QR code as a hard copy backup. Make sure to keep this safe!
- If you get locked out of your account because of MFA, Contact Techstaff