nersc multi factor authentication
play

NERSC Multi-Factor Authentication It's easy! Abe Singer - PowerPoint PPT Presentation

Sep 26, 2022 •826 likes •1.07k views

NERSC Multi-Factor Authentication It's easy! Abe Singer 2018-11-01 MFA in Brief MFA will be required starting with new allocation year MFA == Password + One Time Password (OTP) Protects your account against password

  1. NERSC Multi-Factor Authentication It's easy! Abe Singer 2018-11-01

  2. MFA in Brief ● MFA will be required starting with new allocation year ● MFA == Password + One Time Password (OTP) ○ Protects your account against password theft/guessing ● No special hardware required, uses (free) phone/tablet app ● Configure with NIM in just a few minutes ● semi single sign-on (SSO) across NERSC ○ sshproxy: SSO for ssh ○ Shibboleth and NEWT: SSO for websites ● Supported across virtually all of NERSC ○ Coming soon: myProxy, HPSS tokens, Jupyter, NX 2

  3. Using MFA 3

  4. Google Authenticator OTP, changes every 30 seconds Serial Number (identifier) Time remaining 4

  5. Using MFA: ssh DOE6748468:~ abe$ ssh cori.nersc.gov ***************************************************************** * * * NOTICE TO USERS * * --------------- * Password + OTP: NIM.password 157712 Last login: Wed Oct 31 21:02:26 2018 from 71.143.193.229 ----------------------------- Contact Information ---------------- abe@cori07:~> 5

  6. sshproxy ● Entering OTP every time isn't very friendly with scripts/workflows ● sshproxy ○ Service developed by NERSC ○ You use MFA to obtain an ssh key that expires after 24 hours ■ MFA once, run everywhere (at NERSC) ■ Use sshproxy again when key expires ○ Leverages ssh certificates NERSC-supplied bash client script does all the work ○ 6

  7. Using MFA: sshproxy abe$ sshproxy.sh Enter your password+OTP: NIM.password 157712 Successfully obtained ssh key /Users/abe/.ssh/nersc Key is valid: from 2018-11-01T04:36:00 to 2018-11-02T04:37:51 abe$ ls ~/.ssh config id_rsa.pub nersc nersc.pub id_rsa known_hosts nersc-cert.pub abe$ ssh -i ~/.ssh/nersc cori.nersc.gov ***************************************************************** * * * NOTICE TO USERS * abe@cori07:~> 7

  8. Using MFA: ssh config (less typing) ~/.ssh/config Host cori cori.nersc.gov Hostname cori.nersc.gov IdentityFile ~/.ssh/nersc 8

  9. Using MFA: Shibboleth 9

  10. 10

  11. Enabling MFA 11

  12. Enabling MFA 12

  13. Enabling MFA (cont.) 13

  14. Creating a "token" 14

  15. Creating a token (cont.) 15

  16. Creating a token (cont). 16

  17. Creating a token (cont). 17

  18. Creating a token (cont). 18

  19. Creating a token (cont). 19

  20. Additional details ● sshproxy keys >24 hours with justification and authorization ● Desktop app ("authy") for the smartphone-less ● "Backup" OTP passwords for when you leave your mobile at home ● Token "reset" for when you lose/replace your device(s) ● Hardware token (yubikey) supported ○ You have to purchase (~$40) and configure ○ Requires desktop software ○ Kindle Fire is only slightly more ($50) ■ And you can play games on it too! ● Exceptions to MFA available if necessary ○ Tell us why MFA can't work for you 20

  21. Any Questions? ● https://www.nersc.gov/users/connecting-to-nersc/mfa/ ○ Or google "NERSC MFA" ● Any questions? 21

  22. Thank You 22

Recommend

Multi-factor Authentication Coming to a NERSC near you You Have Probably Heard of MFA

Multi-factor Authentication Coming to a NERSC near you You Have Probably Heard of MFA

Multi-factor Authentication Coming to a NERSC near you You Have Probably Heard of MFA Password One-time Password (OTP) Factor == Authentication Method Certificate Hardware Token Biometric password + OTP token + PIN Multi-factor ::= 2+

90 views • 7 slides
Contextual Access and Multi-Factor Authentication Lessons learned on getting past single-factor

Contextual Access and Multi-Factor Authentication Lessons learned on getting past single-factor

Conference 2018 Contextual Access and Multi-Factor Authentication Lessons learned on getting past single-factor authentication! Panelists Corey Scholefield - Team Lead, Identity Services Wendy Blake Director, Network and Technical Services

519 views • 33 slides
Multi-Factor Authentication: Security or Snake Oil? Steven Myers Rachna Dhamija Jeffrey

Multi-Factor Authentication: Security or Snake Oil? Steven Myers Rachna Dhamija Jeffrey

Multi-Factor Authentication: Security or Snake Oil? Steven Myers Rachna Dhamija Jeffrey Friedberg Phishing & Identity Theft Historically most online banking done with passwords (single-factor authentication) Password communicated

449 views • 42 slides
Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

400 views • 5 slides
DUO 2-Factor Authentication at UNC Charlotte WHATS DUO? Two-Factor Authentication

DUO 2-Factor Authentication at UNC Charlotte WHATS DUO? Two-Factor Authentication

DUO 2-Factor Authentication at UNC Charlotte WHATS DUO? Two-Factor Authentication Using two devices to prove youre you! Why? Breaches! UNC Charlotte has been the victim of more than one data breach, and ITS is attempting to

623 views • 6 slides
Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018

Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018

10.10.18 1 Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018 Boston University Information Services & Technology 10.10.18 2 Recent Password Hacks PlayStation Network (2011) 77 Million

157 views • 13 slides
Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional NCEdCloud Privileged Accounts) - Mark Scheible, MCNC MFA for All NCEdCloud Privileged Users As a part of continuing efforts to enhance the security

479 views • 14 slides
Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional

Multi-Factor Authentication (MFA) for the NCEdCloud IAM Service - Part 2 - (MFA for additional NCEdCloud Privileged Accounts) - Mark Scheible, MCNC MFA for All NCEdCloud Privileged Users - 1 As a part of continuing efforts to enhance the

319 views • 15 slides
T/Key: Second-Factor Authentication Without Server Secrets Dima Kogan 1 , Nathan Manohar 2 , Dan

T/Key: Second-Factor Authentication Without Server Secrets Dima Kogan 1 , Nathan Manohar 2 , Dan

T/Key: Second-Factor Authentication Without Server Secrets Dima Kogan 1 , Nathan Manohar 2 , Dan Boneh 1 1 Stanford, 2 UCLA Passwords have multiple security issues eavesdropping/key logging phishing password reuse Two-factor authentication

779 views • 31 slides
What does MFA mean? Jeffrey Goldberg jeff@1Password.com What does MFA mean? It

What does MFA mean? Jeffrey Goldberg jeff@1Password.com What does MFA mean? It

What does MFA mean? Jeffrey Goldberg jeff@1Password.com What does MFA mean? It means multi-factor authentication. In certain cases it is called 2FA for two-factor authentication. Jeffrey Goldberg What does MFA mean?

471 views • 44 slides
View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert,

View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert,

View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert, Florian Farke, and Markus Drmuth Santa Clara, California, USA | WAY 2019 | August 11, 2019 Two-Factor Authentication 1 1 2 1 Gmail 2FA

415 views • 28 slides
Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR CONSULTANTS www.XFactorConsultants.com User Authentication (Auth) The methods by which a web app verifies the identity of a user and limits their

334 views • 8 slides
Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc. rijswijk@cs.ru.nl

299 views • 14 slides
Mendel at NERSC: Multiple Workloads on a Single Linux Cluster Larry Pezzaglia NERSC

Mendel at NERSC: Multiple Workloads on a Single Linux Cluster Larry Pezzaglia NERSC

Mendel at NERSC: Multiple Workloads on a Single Linux Cluster Larry Pezzaglia NERSC Computational Systems Group lmpezzaglia@lbl.gov CUG 2013 (May 9, 2013) Snapshot of NERSC Located at LBNL, NERSC is the production computing facility for

481 views • 31 slides
UPDATE ON NERSC PScheD EXPERIENCES, A CONTINUING SUCCESS STORY Tina Butler - NERSC Brent Draney

UPDATE ON NERSC PScheD EXPERIENCES, A CONTINUING SUCCESS STORY Tina Butler - NERSC Brent Draney

N ATIONAL E NERGY R ESEARCH S CIENTIFIC C OMPUTING C ENTE R UPDATE ON NERSC PScheD EXPERIENCES, A CONTINUING SUCCESS STORY Tina Butler - NERSC Brent Draney - NERSC Mike Welcome -NERSC Bryan Hardy - SGI Steve Luzmoor - SGI This work was

622 views • 22 slides
smartmail & smartportal: Introducing Two- Factor Authentication Presented By: Business

smartmail & smartportal: Introducing Two- Factor Authentication Presented By: Business

smartmail & smartportal: Introducing Two- Factor Authentication Presented By: Business Process Team DL-BusinessProcessandAutomation@fnf.com Decision of the Organization to protect our clients and customers further by adding another

202 views • 16 slides
Accelerating Experimental Workflows on NERSC systems Katie Antypas NERSC Division Deputy

Accelerating Experimental Workflows on NERSC systems Katie Antypas NERSC Division Deputy

Accelerating Experimental Workflows on NERSC systems Katie Antypas NERSC Division Deputy Jefferson Lab Seminar May 15, 2019 NERSC is the mission HPC facility for the DOE Office of Science Simulations at scale 7,000 Users 800 Projects

813 views • 43 slides
A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1 , Honglu Du 2

A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1 , Honglu Du 2

A Comparative Usability Study of Two-Factor Authentication Emiliano de Cristofaro 1 , Honglu Du 2 , Julien Freudiger 2 , Gregory Norcie 3 UCL 1 , PARC 2 , Indiana University 3 Website/Service Token password Fingerprint Phone PIN Retina

367 views • 20 slides
Recent Workload Characterization Activities at NERSC Harvey Wasserman NERSC Science Driven System

Recent Workload Characterization Activities at NERSC Harvey Wasserman NERSC Science Driven System

Recent Workload Characterization Activities at NERSC Harvey Wasserman NERSC Science Driven System Architecture Group www.nersc.gov/projects/SDSA October 15, 2008 Los Alamos Computer Science Symposium Workshop on Performance Analysis of

538 views • 53 slides
Tapes Not Dead At LBNL/NERSC Nick Balthaser MSST 2019 May 21, 2019 Storage @NERSC

Tapes Not Dead At LBNL/NERSC Nick Balthaser MSST 2019 May 21, 2019 Storage @NERSC

Tapes Not Dead At LBNL/NERSC Nick Balthaser MSST 2019 May 21, 2019 Storage @NERSC NERSC is a DOE HPC Center Broad range of unclassified research, thousands of users Tiered storage hierarchy: Burst buffer Lustre

103 views • 8 slides
Filesystems and I/O Balance on the NERSC T3E Tina Butler, NERSC Systems Group This work was

Filesystems and I/O Balance on the NERSC T3E Tina Butler, NERSC Systems Group This work was

N ATIONAL E NERGY R ESEARCH S CIENTIFIC C OMPUTING C ENTE R Filesystems and I/O Balance on the NERSC T3E Tina Butler, NERSC Systems Group This work was supported by the Director, Office of Advanced Scientific Computing Research, Division of

479 views • 21 slides
Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

IETF94 2 Nov. 2015 Yokohama SDNRG WG Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee Ietf{at}rozanak.com Motivation Problem: secure SDN authentication,

546 views • 10 slides
c b roland.vanrijswijk@surfnet.nl Overview - Introduction - The 2-factor landscape - Something

c b roland.vanrijswijk@surfnet.nl Overview - Introduction - The 2-factor landscape - Something

tiqr: a novel take on two-factor authentication LISA 2011, Boston, MA Roland van Rijswijk c b roland.vanrijswijk@surfnet.nl Overview - Introduction - The 2-factor landscape - Something we all have - - Comparison of 2-factor AuthN

546 views • 19 slides
DVS, GPFS and External Lustre at NERSC How Its Working on Hopper Tina Butler, Rei Chi Lee,

DVS, GPFS and External Lustre at NERSC How Its Working on Hopper Tina Butler, Rei Chi Lee,

DVS, GPFS and External Lustre at NERSC How Its Working on Hopper Tina Butler, Rei Chi Lee, Gregory Butler 05/25/11 CUG 2011 1 NERSC is the Primary Computing Center for DOE Office of Science NERSC serves a large population

589 views • 26 slides

More recommend