Up to now, we have depended on unix userid/passwords to restrict access to the JHPCE cluster. Unfortunately, it is well known that passwords are hopelessly obsolete and we cannot depend on a string of characters for protection. Don’t believe me? Read this hair-raising account.
The need to protect research data and university intellectual property from unauthorized access and actors with malicious intent, has never been greater than it is today. NIH data-use agreements and HIPAA regulations require us to implement “best practice” security protocols whenever possible .
To address these issues, we will soon require two-factor authentication to access the JHPCE cluster. Two-factor authentication is a security strategy that requires two forms of authentication to access a system. Two independent credentials are required: (1) Something you know, i.e. a password and (2) something you have, e.g. a specific smart phone or a specific laptop. Configuring two-factor authentication on the JHPCE cluster should take no-more than 10 minutes. You run an app on the login server and you install and configure a free app on your smart phone (apple or android). You use information provided by the server app to configure your smart phone app. Thereafter, every time access the JHPCE login server with a password, you will be prompted for an additional 6 digit “token” that is generated by your smart phone. Instructions and more details on two-factor authentication are on the JHPCE web site.
Those of you who already use key-pair authentication to login from specific machines, will not be prompted for either a password or the 6-digit token, so this will not impose any additional burden on you. Also, if you do not own a smart phone, there is a google chrome extension that will generate the 6-digit tokens. Your smart phone requires neither a wi-fi or cell phone connection to generate the 6-digit token. Note that the google-authenticator code was developed by google software developers, but there is no interaction with any google servers at any time.
Google two-factor authentication has been in place on the login nodes since last spring as an optional capability. Over the past two months we have required all new users to use two-factor authentication. The authentication system is now well tested and we are recommending that you configure 2-factor authentication as soon as is possible. On April 1, you will be locked out of your account if you have not configured two-factor authentication. Prior to that date we will schedule periodic in-person help sessions for anyone having difficulty configuring two-factor authentication.
For instructions on setting up 2 Factor Authentication in the JHPCE cluster, please see https://jhpce.jhu.edu/knowledge-base/authentication/2-factor-authentication/.
Director Joint High Performance Computing Exchange
Associate Professor, Dept. of Molecular Microbiology & Immunology