Doc::MFA

From Computer Science Wiki

Computer Science Multi-factor Authentication

Introduction

Computer Science logins use a simple form of multi-factor authentication (MFA): a one-time-use token (OTP) is sent to an email address that you have configured. Most cell phone carriers provide a way to receive an email as a text message, so you can set up your CS MFA to use your cell phone to authenticate. The OTP can only be used once, and it is only valid for 5 minutes. You can "resend" the token if you run out of time.

Change your CS MFA email address

By default, CS MFA uses your "preferred" email address that is configured in your profile. If you set the "MFA Email" field in your profile, then it will use that address instead. Use caution when changing your MFA email: you could lock yourself out of your CS account if the address does not work. Leave your profile page open, then in a new "Private/Incognito" browser window go to https://2fa.admin.cs.vt.edu to test your change and make sure you can log in.

Email to SMS

Most major cell providers offer a gateway that delivers email sent to a special address as a text message. For example, if the phone number is 123-456-7890 and the carrier is AT&T, the email address is 1234567890@txt.att.net. Third-party cell providers use the gateway address of the network they run on. For example, Visible and Total Wireless both run on the Verizon network and would use the @vtext.com address.

Here are the SMS and MMS gateways for the major carriers in the United States.

| Carrier | SMS Gateway | MMS Gateway |
|---|---|---|
| AT&T | @txt.att.net | @mms.att.net |
| Boost Mobile | @sms.myboostmobile.com | @myboostmobile.com |
| Cricket Wireless | @sms.cricketwireless.net | @mms.cricketwireless.net |
| T-Mobile | @tmomail.net | @tmomail.net |
| UScellular | @email.uscc.net | @mms.uscc.net |
| Verizon | @vtext.com | @vzwpix.com |

Don’t know your carrier? Use a website like https://freecarrierlookup.com/ to look it up.

Trusted Devices

After you successfully log in with CS MFA, you have the option to remember the device for a certain amount of time. This means CS MFA won't ask you to enter your OTP again from this specific "device" until it expires. You should only do this on machines that you trust, such as your desktop/laptop. The "device" is specific to the machine and browser that you are using. For example, if you have Firefox on your laptop saved as a trusted device and then log in from Chrome on the same machine, it will still ask for your OTP.

Tips

  • Be sure not to use an MFA email address that is accessible from your CS account. For example, do not use <pid>@cs.vt.edu, or a <pid>@vt.edu address that forwards to your <pid>@cs.vt.edu address. If a hacker got your password, then they could log in to your email to retrieve the OTP.
  • The OTP is formatted like CASMFA-123456. Entering the "CASMFA-" part is optional. You can save time by just entering the numbers.
  • Your MFA email can only be a single address. If you want to use multiple email addresses for redundancy, then Techstaff can create an email alias that can go to multiple addresses.
  • Use caution when updating your MFA email address: you can accidentally lock yourself out of your account. Test your change in a private/incognito window before closing your profile page.
  • As a fail-safe, you can log in to your CS account without MFA if you are connected to the VT VPN.
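
The OTP rules from the Introduction and the Tips (single use, 5-minute validity, optional "CASMFA-" prefix, resend) can be enforced on the server side as in the following added example, which is not the CS MFA service's own code. The six-digit length, the in-memory store, the guess limit, and the names OtpStore, issue and verify are assumptions made for illustration.

```python
import hmac
import re
import secrets
import time

OTP_TTL_SECONDS = 5 * 60   # from the page: an OTP is valid for 5 minutes
OTP_PREFIX = "CASMFA-"     # from the page: typing the prefix is optional
MAX_ATTEMPTS = 5           # assumption: guess limit, not stated on the page
OTP_RE = re.compile(r"(?:CASMFA-)?([0-9]{6})")  # 6 digits assumed from the sample


class OtpStore:
    """In-memory store with at most one live OTP per user (assumed design)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._live = {}  # user -> [digits, expiry timestamp, failed attempts]

    def issue(self, user):
        """Create a token; a "resend" calls this again and replaces the old one."""
        digits = f"{secrets.randbelow(10**6):06d}"
        self._live[user] = [digits, self._clock() + OTP_TTL_SECONDS, 0]
        return OTP_PREFIX + digits

    def verify(self, user, submitted):
        """Return True exactly once for a correct, unexpired token."""
        match = OTP_RE.fullmatch(submitted.strip().upper())
        record = self._live.get(user)
        if match is None or record is None:
            return False
        digits, expiry, _ = record
        if self._clock() > expiry:
            del self._live[user]           # expired: a resend is required
            return False
        if not hmac.compare_digest(match.group(1), digits):
            record[2] += 1
            if record[2] >= MAX_ATTEMPTS:
                del self._live[user]       # too many guesses: burn the token
            return False
        del self._live[user]               # single use: burn on success
        return True
```

Without the guess limit, a six-digit token could be searched exhaustively inside its 5-minute window, which is why the example burns the token after repeated wrong entries.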