... | ... | @@ -10,6 +10,15 @@ The HPC Accounts at the RWTH Compute Cluster are moving to the [RegApp](https:// |
|
|
|
|
|
In the first step, which encompasses migrating the RWTH Compute Cluster Accounts from the Self-Service to the RegApp, not much will change in day-to-day business. Logging in on most login nodes will remain the same as it has been. Only the login18-4 node will have two-factor authentication enabled. Other than that, the main difference will occur when changing the password associated with your HPC account: this functionality will now be located in the RegApp instead of the Self-Service.
|
|
|
|
|
|
# What Is Multi-Factor-Authentication?
|
|
|
|
|
|
We all know what we need to access most websites: our username and password. With this pair of data, we _authenticate_ ourselves: we tell the computer who we are (via the username) and then prove that we are who we claim to be (as we know the secret password associated with the username). However, this is not a very secure way of protecting resources or contents. Many people use the same username/password combination for several websites and may have their access information compromised when one of them is hacked, or have easily guessable passwords.
|
|
|
|
|
|
To shore up the protection, a second proof of identity may be required – another _factor_ when authentication ourselves. Username/password is a factor of type _knowledge_: you authenticate yourself by proving you know something. Other types include possession (e.g., your state-issued ID, the key to your house, or a hardware token that is registered with your account) and inherence (something you _are_, e.g., fingerprints, face recognition, or looking like the picture printed on your state-issued ID), as well as location (e.g., some services may only accessible if you are in front of the physical computer, or if you are logged into a certain network).
|
|
|
|
|
|
_Multi-factor-authentication_ (MFA) is the combination of at least two factors, ideally comprising different types. An example is the TAN used for internet banking – you first use username/password, and then have to enter a second code that is either generated in a TAN generator app on the smartphone, or with the card and an external TAN generator.
|
|
|
|
|
|
Does that mean once you have a second factor you can use the password _password_ or _123456_ (two of the most common passwords)? No! If you choose an insecure first factor, you are back down to only a single (reliable) factor to authenticate yourself with, and if that is lost, it might compromise your account.
|
|
|
|
|
|
# Wiki Structure
|
|
|
|
... | ... | |