10/31/2024 | News release | Distributed by Public on 10/31/2024 04:02
With the 2nd Fase Accomplished, the roll-out of 2-Factor Authentication (2FA) will soon be complete. After enrolling all CERN staff in 2023, in 2024 we deployed 2FA to about 12 700 computing accounts linked to CERN's user community (i.e. those fine folks who come to CERN about 5-100% a year). The final step is 2025's Full Activation of 2FA for all so-called CERN "participants" (i.e. about 7300 accounts of people who work with but never come to CERN). And, apart from some loose ends still to be tied up, we are done!
With this, CERN has put in place an essential pillar of protecting its computing facilities. 2 Fantastic Advantages to ensure that a single password cannot compromise important computing services, control systems or data storages. One of the ultimate silver bullets against ransomware attacks.
To make your life under 2FA a bit easier, however, here are 2 Fine Astuces (tips) to improve 2FA usability:
(OK, those are actually 2+2 Fine Astuces, but who cares?)
Finally, here are 2 Funny Anecdotes reported to us by users of 2FA: one user works for an institute that neither allows smartphones on site nor has USB ports for using Yubikeys enabled. Hmmm? But instead of bringing in a so-called "Token2 " device (which itself might not be allowed), that user calls his partner over a landline connection to obtain the necessary 6-digit code. The 2nd Funny Anecdote (or not?) is the user who claimed burnout due to the psychological stress of always having the 2FA token with them and, thus, always being reachable by their partner… Fortunately, those 2 Funnies Are extremely rare among the 32k users of 2FA today!
P.S. Did you count how often 2FA appeared in this text? We count 28 Full Appearances.
*Yes, this means a little reduction in computer security, but at least you will notice if your laptop disappears and your 2FA is compromised. In that respect, the loss of your laptop/Yubikey combined is the equivalent of losing your smartphone.
_______
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at [email protected].