INFN wiki

User Tools

Site Tools

Trace:
cn:ccr:aai:doc:2fa-en

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cn:ccr:aai:doc:2fa-en [2024/09/30 09:48] enrico@infn.itcn:ccr:aai:doc:2fa-en [2025/10/23 15:44] (current) enrico@infn.it
Line 1: Line 1:
 +====== 2FA - Two Factor Authentication ======
  
 +The protection of user credentials is of utmost importance. Two-Factor Authentication (2FA) is a powerful security tool in the field of cybersecurity, enabling us to deploy a mechanism that counters certain cyber threats, making credential theft extremely difficult, if not impossible.
 +
 +We know that passwords can be "stolen" or disclosed to third parties (either voluntarily or involuntarily). By using Two-Factor Authentication, the impact of a "stolen" password is significantly reduced because your account is protected not only by something "you know" (i.e., the password), but also by something "you possess," such as a one-time code generated by a number generator available through the "vault" service or installed via a specific application on your smartphone or PC.
 +
 +Starting today, you can enable this new feature by following the instructions available at this link: https://wiki.infn.it/cn/ccr/aai/doc/2fa/req.
 +
 +The procedure is very simple:
 +
 +  * Request activation through AAI authentication (currently reserved for employees, associates, guests) by accessing the web service at https://mfa.app.infn.it/.
 +  * Register the "unique secret" in your "personal vault," available in the vault service https://vault.infn.it/ or in your chosen application.
 +
 +During the usual login via INFN-AAI, an additional step will be required where you will be asked to enter the OTP (One-Time Password), which is a six-digit number generated by your "personal vault" or chosen application.
 +
 +Once activated, Two-Factor Authentication will be required to access all web services connected to INFN-AAI, with the sole exception of the Indico agenda (as the service is open to everyone) and the password management (or "personal vault") service at https://vault.infn.it/#/login (as this service is already protected by an additional master password).
 +
 +As with all activations of second-factor authentication, the INFN Computing and Networks Commission (CCR) defined a deployment plan that has been approved by the GE and directors. This plan includes a period where activation is voluntary, followed by a phase where those who have not activated the second factor will be required to do so in order to access IT services.
 +
 +[[cn:ccr:aai:doc:2fa-en:rapid|]] <color #ed1c24>**  -->> Added on 03/13/2025**</color>
 +
 +[[cn:ccr:aai:doc:2fa-en:app|]]
 +
 +[[cn:ccr:aai:doc:2fa-en:req|]]
 +
 +[[cn:ccr:aai:doc:2fa-en:ppr|]] <color #ed1c24>**  -->> Added on 04/07/2025**</color>
 +
 +[[cn:ccr:aai:doc:2fa-en:New-smartphone|]] <color #ed1c24>**  -->> Added on 22/10/2025**</color>
 +
 +<color #ed1c24>**Support Requests**</color>
 +
 +**To request support send an email to: aai-support@infn.it**
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki