Multifactor Authentication at TACC
Last update: April 26, 2023
TACC requires Multi-Factor Authentication (MFA) as an additional security measure when accessing all compute and storage resources.
What is Multi-Factor Authentication?
Authentication is the process of determining if you are you. Traditional methods of associating a user account with a single password have not been 100% successful. Multi-Factor Authentication (MFA) requires another step, or "factor", in the authenticaton process. In addition to the usual password users must complete authentication using another device unique to them, usually the user's mobile phone/device.
Setting up MFA at TACC
New users and account holders will not be able to pair a new device, or generate a QR Code, until after your account request is accepted by TACC Staff. Account requests are usually approved within 24 hours.
1. Manage Account
Sign into the TACC Portal (Figure 1a), then click on "Manage Account" under your name in the top right-hand corner (Figure 1b):
From the "Manage Account" page, click "Pair a Device" to continue to the TACC device pairing page (Figure 2.).
2. Select Pairing Method
TACC offers two mutually-exclusive authentication (pairing) methods. You may choose to authenticate with one and only one method.:
- Authenticator applications e.g., Google Authenticator, Duo, 1Password
- Standard SMS text messaging.
Users located outside the U.S. must pair using a Multi-Factor Authentication app method. Because the cost associated with sending multiple international text messages is prohibitive, international users may NOT set up multi-factor authentication with SMS.
Users with Apple iOS and Android devices may set up device pairing using a one of a variety of authentication applications available for both Android and iPhone devices.
Download and install your preferred MFA App on your Apple IOS or Android device, then follow the app instructions to pair your mobile device. Table 1. features a few of the more popular applications along with links to the respective Apple App and Google Play stores.
Table 1. MFA Apps
|Operating System||MFA Authentication Apps|
|IOS / Apple devices
Apple App Store
|Duo⇗ 1Password⇗ Google Authenticator⇗|
|Duo⇗ 1Password⇗ Google Authenticator⇗|
SMS (text) Messaging
Instead of using an app, users may instead enable multi-factor authentication with SMS, standard text messaging.
When logging into a TACC resource you'll be prompted for your standard password, and then prompted for a "TACC Token Code". At this point a text message will be sent to your phone with a unique six-digit code. Enter this code at the prompt.
This token code is valid for this login session only and cannot be re-used. It may take up to 60 seconds for the text to reach you. We advise clearing out your text messages in order to avoid confusion during future logins.
Example: Pairing with an Authentication App
This tutorial demonstrates pairing with the Duo App, though you may use any any MFA app you like.
Begin by pressing the "Pair Device" button in the upper-right corner of "Manage Account" page (Figure 3).
Select "Token App" from the Authentication Pairing page (Figure 4a), then click on the empty box to generate a personalized QR code (Figure 4b).
Open the Duo App on your device. Your mobile device screen should appear similar to Figure 5a. Tap the "+" in the upper right corner of the app to start the pairing process. The app will launch the mobile device's camera. Scan the generated QR code on your computer screen. Do not scan the image on this tutorial's page. Show the Duo token code on your device (Figure 5b) and then enter that token into the web form (Figure 5c).
You've now paired your device! (Figure 6.) If you have any problems with this process, please submit a help ticket.
Logging into TACC Resources
Once you've established MFA on your TACC account, you'll be able to login to all TACC resources where you have an allocation. A typical login session will look something like this:
% ssh -l slindsey ls6.tacc.utexas.edu To access the system: 1) If not using ssh-keys, please enter your TACC password at the password prompt 2) At the TACC Token prompt, enter your 6-digit code followed by <return>. (email@example.com) Password: (firstname.lastname@example.org) TACC Token Code: Last login: Fri Jan 13 11:01:11 2023 from 184.108.40.206 ------------------------------------------------------------------------------ Welcome to the Lonestar6 Supercomputer Texas Advanced Computing Center, The University of Texas at Austin ------------------------------------------------------------------------------ ... %
After typing in your password, you'll be prompted for "
TACC Token Code:". At this point, turn to your mobile device/phone, open your authenticator application and enter in the current token displayed..
If you've paired with an authenticator app, open the app and the enter the six-digit number currently being displayed. If you mis-type the number, just wait till the app cycles (every 30-60 seconds) and try again with the next number (figure 9b).
If you've paired with SMS, you'll receive a text message containing a six digit verification code (figure 9a). Enter this code at the
TACC Token Code:prompt. Please note that it may take up to 60 seconds for the text containing the token code to reach you. Each token code is valid for one login only and cannot be re-used.
International Users and Travelers
Users located outside the U.S. must pair using a Multi-Factor Authentication app of your choice. Because the cost associated with sending multiple international text messages is prohibitive, international users may NOT set up multi-factor authentication with SMS.
Unpairing your Device
Unpair your device via the same method you paired:You'll unpair via the same method you paired: by app token or by SMS. If you've lost access to the device you originally paired with, you may unpair using email notification.
Go to your "Manage Account" page (Figure 7a), and click the "Unpair" link to proceed (Figure 7b).
Similar to the pairing process, you must verify unpairing by entering your device's token code when prompted (Figures 8a and 8b).
Once you've unpaired with this device, you are free to pair again with another device or another method.