Context Navigation

Changes between Version 7 and Version 8 of 2faVPN

Timestamp:: 02/04/21 12:08:41 (4 years ago)
Author:: dabantz@…
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

2faVPN

-                      v7
+                      v8
+Two factor authentication provides Increased assurance for privileged VPN access to UA network.
+=== Use !YubiKey for 2FA with UA Duo account ===
+. Obtain a !YubiKey supporting OTP in form factor that works for you:
+    https://www.yubico.com/products/yubikey-hardware/
+. Download and install the !YubiKey Manager application on your computer:
+    https://www.yubico.com/products/services-software/download/yubikey-manager/
+. Configure your !YubiKey for OTP in one of its two (virtual) slots*  using detailed illustrated instructions in the Duo guide:[[br]][[br]]
+   https://duo.com/docs/yubikey
+   NOTE WELL: You will use the !YubiKey Manager to generate cryptographic keys and store them on your !YubiKey;[[br]]
+   BE PATIENT: each of the three items will take a minute or so to generate and store;[[br]]
+   DO NOT REPEAT steps by clicking multiple times - each click will restart and overwrite the previous result!
+. Send the CSV string with digital serial no, 6 byte private id, 16 bit secret key (like this:)
+    {{{
+4475749, e7 fe 84 57 55 d4, 81 84 65 01 22 db e5 00 57 f9 68 92 7f 22 4b 6a
+}}}
+    to IAM or Security, noting your UA Username, which is the Duo account to which the token will be attached.
+. IAM or Security will upload the CSV string to import your token, and assign it to your ID at Duo
+. When integrated (step 5), you can use the !YubiKey to send the second factor passcode:
+    In the password field type your password followed by comma then touch your key*; that is,
+    {{{
+password,
+}}}
+ then touch your key, which enters a one-time passcode.[[br]]
+----
+ *Which of the !YubiKey's two (virtual) slots is used is determined by the duration of your touch. The first slot is used to generate the output when the !YubiKey button is touched between 0.3 to 1.5 seconds and released and the second slot is used if the button is touched between 2 to 5 seconds.
+=== Two factor authentication for privileged VPN access to UA network ===
 As of March 2017 two VPNs require Duo two-factor authentication:[[br]]
  swf-no-1.vpn.alaska.edu and [[br]]
 …
 You can enroll telephone numbers in your Duo account if you are enrolled for use of Duo for SSO (see https://iam.alaska.edu/trac/wiki/mfa for Duo enrollment instructions).
-=== Use !YubiKey for 2FA with UA VPNs ===
-. Obtain a !YubiKey supporting OTP in form factor that works for you:
-    https://www.yubico.com/products/yubikey-hardware/
-. Download the !YubiKey Personalization Tool:
-    https://www.yubico.com/support/knowledge-base/categories/articles/yubikey-personalization-tools/
-. Configure your !YubiKey for OTP in one of its two (virtual) slots*
-   (generally shipped already programmed for OTP in slot 1) using the Duo guide:
-    https://duo.com/docs/yubikey
-. Send the CSV string with digital serial no, 6 byte private id, 16 bit secret key (like this:)
-    {{{
-4475749, e7 fe 84 57 55 d4, 81 84 65 01 22 db e5 00 57 f9 68 92 7f 22 4b 6a
-}}}
-    to IAM or Security, noting your UA Username, which is the Duo account to which the token will be attached.
-. IAM or Security will upload the CSV string to import your token, and assign it to your ID at Duo
-. When integrated (step 5), you can use the !YubiKey to send the second factor passcode:
-    In the password field type your password followed by comma then touch your key*; that is,
-    {{{
-password,
-}}}
- then touch your key, which enters a one-time passcode.[[br]]
-----
- *Which of the !YubiKey's two (virtual) slots is used is determined by the duration of your touch. The first slot is used to generate the output when the !YubiKey button is touched between 0.3 to 1.5 seconds and released and the second slot is used if the button is touched between 2 to 5 seconds.