NERSCPowering Scientific Discovery Since 1974

NERSC Users Begin Implementing MFA for Higher Security Access to Cori

December 6, 2018

Contact: Keri Troutman, khtroutman@lbl.gov, 510-486-5071

Screen Shot 2018 12 06 at 9.43.44 AM

NERSC user Eddie Baron from the University of Oklahoma implemented the new MFA procedure two months ago and says it has been "simple and seamless."

Starting this January, all NERSC users will be required to use multi-factor authentication (MFA), a security measure that provides greater protection than regular passwords against phishing and other modern threats to digital security. MFA will require NERSC users to log in to NERSC systems using their NIM passwords plus a "one-time password" generated by an authenticator app installed on a mobile device.

Some NERSC users are ahead of the game and have already implemented MFA into their workflow. Eddie Baron, a numerical astrophysicist from the University of Oklahoma who uses Cori to calculate three-dimensional (3D) models of stars, started using MFA two months ago and says it has been “simple and seamless.”

Baron’s research focuses on the physics of supernova explosions, stellar evolution, and nucleosynthesis. He’s recently been working on calculating radiative transport in three spatial dimensions, a daunting computational task for which he says Cori is crucial. The computations allow Baron and his colleagues to analyze 3D models of many objects: supernovae, the sun, variable stars, and even global climate models of extra-solar planets and the earth.

“Cori is our largest available computational resource,” says Baron. “What we’re working on is numerically very different than any other type of classical calculation—it is really a six-dimensional problem—so our work stresses computer systems in a way that other research doesn’t.”

Baron uses NERSC’s SSH proxy service for MFA when he accesses Cori, which allows him to get an SSH key via MFA that is valid for 24 hours. The SSH key can be used to log in to any NERSC systems for which users are authorized.

“I was initially concerned that if I forget my mobile phone at home one day, I wouldn’t be able to access the MFA generator,” says Baron. However, NERSC recently implemented a backup password system that allows users to generate and print out a set of five one-time passwords for these kinds of situations.

“I only have to use SSH proxy once a day, so it really doesn’t interrupt my workflow at all,” says Baron. “I’ve used another NASA authentication system that’s more complicated; I’d say that [NERSC] MFA is one of the least intrusive systems I’ve used.”

NERSC will host a series of virtual MFA help desk “office hours” for users; see the schedule here.

For more information about MFA at NERSC:

The NERSC MFA webpage

NERSC podcast about MFA

NERSC podcast about sshproxy tool


About NERSC and Berkeley Lab
The National Energy Research Scientific Computing Center (NERSC) is a U.S. Department of Energy Office of Science User Facility that serves as the primary high-performance computing center for scientific research sponsored by the Office of Science. Located at Lawrence Berkeley National Laboratory, the NERSC Center serves more than 6,000 scientists at national laboratories and universities researching a wide range of problems in combustion, climate modeling, fusion energy, materials science, physics, chemistry, computational biology, and other disciplines. Berkeley Lab is a DOE national laboratory located in Berkeley, California. It conducts unclassified scientific research and is managed by the University of California for the U.S. DOE Office of Science. »Learn more about computing sciences at Berkeley Lab.