NERSC Users Begin Implementing MFA for Higher Security Access to Cori

December 6, 2018

Contact: Keri Troutman, khtroutman@lbl.gov, 510-486-5071

NERSC user Eddie Baron from the University of Oklahoma implemented the new MFA procedure two months ago and says it has been "simple and seamless."

Starting this January, all NERSC users will be required to use multifactor authentication (MFA), a security measure that provides greater protection than regular passwords against phishing and other modern threats to digital security. MFA will require NERSC users to log in to NERSC systems using their NIM passwords plus a "one-time password" generated by an authenticator app installed on a mobile device.

Some NERSC users are ahead of the game and have already implemented MFA into their workflow. Eddie Baron, a numerical astrophysicist from the University of Oklahoma who uses Cori to calculate three-dimensional (3D) models of stars, started using MFA two months ago and said it has been “simple and seamless.”

Baron’s research focuses on the physics of supernova explosions, stellar evolution, and nucleosynthesis. He’s recently been working on calculating radiative transport in three spatial dimensions, a daunting computational task for which he said Cori is crucial. The computations allow Baron and his colleagues to analyze 3D models of many objects: supernovae, the sun, variable stars, and even global climate models of extra-solar planets and the earth.

“Cori is our largest available computational resource,” said Baron. “What we’re working on is numerically very different than any other type of classical calculation – it is really a six-dimensional problem – so our work stresses computer systems in a way that other research doesn’t.”

Baron uses NERSC’s SSH proxy service for MFA when he accesses Cori, which allows him to get an SSH key via MFA that is valid for 24 hours. The SSH key can be used to log in to any NERSC systems for which users are authorized.

“I was initially concerned that if I forget my mobile phone at home one day, I wouldn’t be able to access the MFA generator,” says Baron. However, NERSC recently implemented a backup password system that allows users to generate and print out a set of five one-time passwords for these kinds of situations.

“I only have to use SSH proxy once daily, so it really doesn’t interrupt my workflow at all,” said Baron. “I’ve used another NASA authentication system that’s more complicated; I’d say that [NERSC] MFA is one of the least intrusive systems I’ve used.”

For more information about MFA at NERSC, visit the following links:

About NERSC and Berkeley Lab
The National Energy Research Scientific Computing Center (NERSC) is a U.S. Department of Energy Office of Science User Facility that serves as the primary high performance computing center for scientific research sponsored by the Office of Science. Located at Lawrence Berkeley National Laboratory, NERSC serves almost 10,000 scientists at national laboratories and universities researching a wide range of problems in climate, fusion energy, materials science, physics, chemistry, computational biology, and other disciplines. Berkeley Lab is a DOE national laboratory located in Berkeley, California. It conducts unclassified scientific research and is managed by the University of California for the U.S. Department of Energy. »Learn more about computing sciences at Berkeley Lab.