Multi-Factor Authentication Required for Allocation Year 2019
August 27, 2018 by Sudip Dosanjh
Dear NERSC Users,
I’m writing to communicate an upcoming change in how user accounts will be authenticated at NERSC. As you may know, NERSC currently supports multi-factor authentication (MFA) for user accounts on a voluntary basis. Starting in the 2019 allocation year, NERSC will require MFA for accessing NERSC systems in the majority of cases. To prepare for this change, we encourage you to start testing MFA now (see this help page to see how to use MFA).
I have authorized this policy change to protect the integrity of your data, accounts, and allocations and to align NERSC with best practices in HPC and the online world in general. MFA provides greater protection against phishing and other modern threats to your digital security. NERSC makes security largely transparent to users, but we need your help to ensure there is not unauthorized access to your account and data.
NERSC experts have been working hard to implement MFA in ways that minimally impacts how you work at NERSC. For example, we’ve created technologies that allow you to authenticate with MFA only once per day as well as incorporate MFA into automated workflows. The policy also allows for longer periods of single sign-on access, or opting-out of MFA where reasonably justified. You can read more about how this works here.
In the next few weeks you will receive communications from our Security and User Engagement staff with pointers to additional information about transitioning to MFA across all NERSC resources. I encourage you to pay attention to these communications and try MFA well before the new allocation year begins. And of course, NERSC staff are always happy to answer any questions or help troubleshoot issues at the NERSC Help Desk.
Thanks for your help as we build a more secure infrastructure for you!