Multifactor Authentication at TACC

Last update: June 06, 2025

What is MFA?

Authentication is the process of determining if you are you. Traditional methods of associating a user account with a single password are no longer sufficient. Multi-Factor Authentication (MFA) requires another step, or "factor", in the authenticaton process. In addition to the usual password, users must complete authentication using another device unique to them, usually their mobile phone/device.

TACC requires Multi-Factor Authentication (MFA) as an additional security measure when accessing all compute and storage resources. All TACC account holders must maintain a valid MFA pairing.

Set up MFA at TACC

All account management is done via the TACC Accounts Portal. TACC Accounts Portal utilities include MFA pairing, as well as password, user-profile, and subscription management. You may also view detailed account information such as your UID, default GID, and home directory path.

Login to the TACC Accounts Portal, select "Multi-factor Auth" in the left-hand navigation, then select your pairing method (Figure 1.).

TACC offers two mutually-exclusive authentication (pairing) methods: 1) Authenticator applications e.g., Google Authenticator, Duo, 1Password and 2) Standard SMS text messaging. You may choose to authenticate with one, and only one, method.

Follow the examples below where we demonstrate how to pair using the DUO authentication app and standard SMS.

Example: Pairing with an Authentication App

Users with Apple iOS and Android devices may set up device pairing using a one of a variety of authentication applications available for both platforms. Table 1. below features a few of the more popular applications along with links to the respective Apple App and Google Play stores.

Table 1. MFA Apps

MFA App	IOS/Apple devices Apple App Store	Android Google Play
	1Password	1Password
	Duo	Duo
	Google Authenticator	Google Authenticator

1. Download and install your preferred MFA App on your Apple IOS or Android device. This tutorial demonstrates pairing with the Duo App, though you may use any any MFA app you like.

2. Select "Authenticator App" to proceed to the authentication application pairing screen (Figure 2).

3. Open the authentication app on your device. Tap the "+" in the upper right corner of the app to start the pairing process. The app will launch the mobile device's camera. Scan the generated QR code on your computer screen. Do not scan the image on this tutorial's page. Enter the Duo token code shown on your device (Figure 3) and then enter that token into the web form (Figure 2. above).

4. You've now paired your device! (Figure 4) If you have any problems with this process, please submit a help ticket.

Example: Pairing with SMS (text) Messaging

Instead of using an authentication application, you may instead enable multi-factor authentication with SMS, standard text messaging. Follow the instructions on the SMS pairing form below (Figure 5).

Logging into TACC Resources

Once you've established MFA on your TACC account, you'll be able to login to all TACC resources where you have an allocation.

When logging into a TACC resource you'll be prompted for your standard password, and then prompted for a "TACC Token Code". At this point a text message will be sent to your phone with a unique six-digit code. Enter this code at the prompt.

This token code is valid for this login session only and cannot be re-used. It may take up to 60 seconds for the text to reach you. We advise clearing out your text messages in order to avoid confusion during future logins.

A typical login session will look something like this:

% ssh -l taccusername ls6.tacc.utexas.edu
To access the system:

1) If not using ssh-keys, please enter your TACC password at the password prompt
2) At the TACC Token prompt, enter your 6-digit code followed by <return>.  

(taccusername@ls6.tacc.utexas.edu) Password: 
(taccusername@ls6.tacc.utexas.edu) TACC Token Code:
Last login: Fri Jan 13 11:01:11 2023 from 70.114.210.212
------------------------------------------------------------------------------
Welcome to the Lonestar6 Supercomputer
Texas Advanced Computing Center, The University of Texas at Austin
------------------------------------------------------------------------------
...
% 

After typing in your password, you'll be prompted for "TACC Token Code:". At this point, turn to your mobile device/phone, open your authenticator application and enter in the current token displayed..

• If you've paired with an authenticator app, open the app and the enter the six-digit number currently being displayed. If you mis-type the number, just wait till the app cycles (every 30-60 seconds) and try again with the next number.

• If you've paired with SMS, you'll receive a text message containing a six digit verification code. Enter this code at the TACC Token Code: prompt. Please note that it may take up to 60 seconds for the text containing the token code to reach you. Each token code is valid for one login only and cannot be re-used.

Unpairing your Device

1. Login to the TACC Accounts Portal, click on Multi-Factor Auth in the left-hand navigation, and click the "Unpair" link to proceed (Figure 6).

2. You'll unpair your device via the same method you originally paired: by authentication app or by SMS. If you've lost access to the device you originally paired with, you may unpair using email notification (Figure 7).

3. Similar to the pairing process, you must verify unpairing by entering your device's token code when prompted (Figure 8).

4. Once you've unpaired with this device, you are free to pair again with another device or another method (Figure 9). If you had paired using an authentication app, be sure to remove the corresponding TACC entry.