...
If logging into O2 from... | Will two factor authentication be required? |
---|---|
HMS wired network connection in an HMS on-campus building (Note that this may exclude certain cases where labs from HMS affiliates have office space in an HMS building like the NRB) | No |
HSDM and HSPH networks | No |
When logged into the HMS VPN - from anywhere (Please do NOT copy large files to/from O2 when on VPN.) | No |
"HMS Private" wireless network | No |
------------------------------------------------------------------------- | ------ |
"HMS Public" wireless network | Yes |
Other Harvard networks (FAS, etc) | Yes |
Networks at all other HMS affiliates (hospitals, etc) | Yes |
Any other external network (home, etc), NOT using the HMS VPN | Yes |
an HMS system (even on campus) which has a public-facing IP address (This is mostly for web and other application servers, not your desktop) | Yes |
within O2... | Will two factor authentication be required? |
ssh/copy from O2 login nodes to transfer.rc.hms.harvard.edu | Yes |
ssh from one login node to another login node | Yes |
------------------------------------------------------------------------- | ------ |
ssh from one transfer node to another transfer node | No |
ssh/copy from compute node to transfer.rc.hms.harvard.edu | No |
copy from interactive job to/from transfer.rc.hms.harvard.edu | No |
copy batch job to/from transfer.rc.hms.harvard.edu | No |
Summary
- Previously, O2 only required a password login using your eCommons ID.
- Security has been dramatically increased for the data and account credentials on O2. Over time, there have been increased hacking attempts.
With this change, two factor authentication will be Two factor authentication is required to access both regular login servers and file transfer servers:
- o2.hms.harvard.edu
- Includes all O2 login servers: login01.o2.rc.hms.harvard.edu , login02.o2.rc.hms.harvard.edu, etc...
- transfer.rc.hms.harvard.eduorchestra.med.harvard.edu (which now just redirects to O2)
With two-factor authentication, your O2 login additionally requires a secondary validation such as a security code sent to your cell phone or a code generated by an application such as Duo Mobile.
...