Skip to Content.
Sympa Menu

sphenix-l - Re: [Sphenix-l] webmail + MFA

sphenix-l AT lists.bnl.gov

Subject: sPHENIX is a new detector at RHIC.

List archive

Chronological Thread  
  • From: pinkenburg <pinkenburg AT bnl.gov>
  • To: PHENIX Current Participants <phenix-p-l AT lists.bnl.gov>, "sphenix-l AT lists.bnl.gov" <sphenix-l AT lists.bnl.gov>
  • Subject: Re: [Sphenix-l] webmail + MFA
  • Date: Thu, 2 Apr 2020 12:42:53 -0400

Hi folks,

small correction - using 4 identical recovery codes is a bad idea - they burn all in one shot. Once you use one it gets removed from the list but you can go back to settings and 2 factor authentication and refill or change them. There don't seem to be a restriction in terms of length or what characters to use.

Chris


On 4/2/2020 9:16 AM, pinkenburg wrote:
Hi folks,

a small remark at the beginning to clear up some confusion I heard:

Only BNL domain accounts which use BNL's  office 365 outlook  and itd's mail are not affected by this change to IMAP access
Accessing rcf mail via any client (even outlook) needs the ssh tunnel or vpn (where vpn again needs a BNL domain account)
Outgoing mail does not use IMAP and is therefore not affected (in clear text, you do not have to change the outgoing server)

And now to webmail:

webmail has been upgraded and one can prepare and activate the 2 factor authentication which will be mandatory April 6th. Open webmail.rhic.bnl.gov in your browser and enter your credentials (remember webmail uses a separate password database, last years password change only affected your rcf login password). The procedure is surprisingly painless, you will need to install the google authenticator on your cell phone. Instructions are here:

https://www.racf.bnl.gov/docs/services/email/MFA

After logging into webmail, go to settings, at the bottom you can click on "2-Factor Authentication"
You can enter 4 recovery codes, used when you don't have access to your cell phone (those 4 can be identical, don't tell anyone) and are prompted for the authenticator code during login.

Hit "generate secret" then save save which makes a "show qr code" button appear which you then scan with your google authenticator. You can enter the code you get from the authenticator in  the Check Code field to check if the code you get from the authenticator is working. Up to April 6 this is optional but you might as well click Activate to run with MFA from now on. Probably you want to log out and try if you get back in again. After prompting for the account and password it'll ask for the authenticator code and then you are in.

Keep your cell with you at all times (at least the times when you want to read mail via webmail)

Chris


--
*************************************************************

Christopher H. Pinkenburg ; pinkenburg AT bnl.gov
; http://www.phenix.bnl.gov/~pinkenbu

Brookhaven National Laboratory ; phone: (631) 344-5692
Physics Department Bldg 510 C ; fax: (631) 344-3253
Upton, NY 11973-5000

*************************************************************





Archive powered by MHonArc 2.6.24.

Top of Page