Two-Factor Authentication: Glossary/FAQ
This page is used by
Glossary
2FA | two-factor authentication |
Challenge Response Authentication | The SIM-MFA web portal shows this message at login. Here, the second factor is required. |
MFA | multi-factor authentication The prompt on SuperMUC-NG may ask you to enter here the second factor. |
OTP | one-time password, which serves as a second factor |
Password | When asked to enter "password", please enter the password of your relevant LRZ account, which you have set in the LRZ IDM portal. |
PIN | This is some kind of additional "password" assigned to the token. We do not recommend to set a PIN for a token! |
PUSH | Push is a software token, which requires a mobile devices and an authenticator app. The app receives the push message from the 2FA server, which was triggered by the login procedure. This notification is accepted by the user to complete the login. |
Response | At login to the SIM-MFA web portal, you are asked for the second factor (2FA) via this keyword. |
Second Factor | This is a generic term for the credential generated by all 2FA methods (tokens), such as TOTP, PUSH, YubiKey or TAN list. |
TAN | TAN is a token, which provides a list of OTPs, which may be printed on a sheet of paper. |
Token | A "token" is a piece of hardware or software that serves as a second factor in authentication. Tokens for 2-factor authentication must first be registered on the SIM-MFA server at LRZ before they can be used for authentication on a LRZ service prepared for this purpose. The conventional login method uses ssh login with password or public-key authentication. The 2FA authentication will not replace that method. Rather, it will ask you for a second factor on top of the conventional login credentials. |
Token_Response | At login to the Linux Cluster, you are asked for the second factor (2FA) via this keyword. |
TOTP | TOTP is a time-based one-time password. This is a software token, which requires a mobile devices and an authenticator app. The app regularly generates an OTP, e.g. every 30 seconds. |
YubiKey | This is an individually configured USB-Key. When asked for the second factor at login (ssh or SIM-MFA portal), touching this hardware token will provide the second factor. The login procedure completes. |
FAQ
General
SIM-MFA Web Portal
Linux Cluster Access
SuperMUC-NG Access
Authenticator (PrivacyIdea) App | PUSH | TOTP
Yubikey
Workflows | Data Transfer