Multi-Factor Authentication (MFA) for Research Computing
What is Happening?
UF is enabling multi-factor authentication (MFA) for HiPerGator and all ancillary services on October 18, 2021.
Why is This Happening?
UF is a high-value target for attacks designed to steal research data and intellectual discoveries. This change is part of our ongoing efforts to strengthen the university’s security posture: since adopting multi-factor authentication, UF has seen a 99.7% decrease in compromised accounts. MFA prevents unauthorized access to your HiPerGator account by requiring a second authentication method in addition to your GatorLink credentials.
How Does This Change the User Experience?
Once implemented, HiPerGator Secure Shell (SSH) connections will no longer accept SSH keys. Users will have to provide their GatorLink username and a password after which they will see a text menu asking them to select an MFA method. Available methods are based on what you have configured in the My Two-Factor page . Anyone who has used other UF services, like myUFL or the UF VPN, will be familiar with this process.
SSH Key-Based Authentication will be Disabled
As part of implementing MFA, key-based authentication in ssh will be disabled. Any connections, including automated scripts, set to use key-based authentication will no longer work.
What is NOT happening?
Any web-based RC services and websites, such as OnDemand, JupyterHub, Galaxy, or Support site, are already using MFA via GatorLink web authentication, so there are no changes to those services.
Samba (SMB) services will not be impacted by the implementation of MFA, so you will not be prompted to authenticate when mounting shared drives via exasmb.rc.ufl.edu or cifs.rc.ufl.edu.
The UFIT Research Computing team is committed to making this transition as seamless as possible for our community. Visit it.ufl.edu/2fa or contact the UFRC support (https://support.rc.ufl.edu) for assistance with changes to SSH key-based workflows or for issues with MFA for HiPerGator.