Multi-Factor Authentication
Multi-Factor Authentication (MFA) also called Two-Factor Authentication (2FA) “is a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.”[1]
Drexel's use of the Microsoft Authenticator is a MFA system.
MFA is currently only available on Picotte, and it is optional.
Prerequisites
You will need an authenticator app on your phone. Any of these should work:
- Microsoft Authenticator - currently used by Drexel
- Google Authenticator
- Authy
Some password-saving apps also have MFA code generation features:
Setup
This setup process will generate a QR code right in your terminal. You should make sure your terminal is full-screen to ensure that the QR code will fit.
google-authenticator -t -d -r 3 -R 30 -e 10
This will then display a QR code, which you should scan with your authenticator app.
You should then type in the 6-digit code that the app generates into the terminal. DO NOT type in "-1" to skip. If the code was correct, it will display 10 "scratch codes", or backup codes.
Your emergency scratch codes are:
AAAAAA
BBBBBB
CCCCCC
DDDDDD
EEEEEE
FFFFFF
GGGGGG
HHHHHH
IIIIII
JJJJJJ
You should write all these codes down on paper, and store them in a safe place. If you ever lose your phone, you can use one of these codes to login. Or, use a password saving app (which has online storage) to create an encrypted note containing these scratch codes.
Next it will ask two questions, one whether to update your
/home/yourname/.google_authenticator file, and something about skew.
Answer "y" to both questions.
References
[1] NIST IT Lab. Cybersecurity Div. - Back to basics: Multi-factor authentication (MFA)