Multifactor authentication, or MFA, is the current hot topic in the U.S. government realm when it comes to cybersecurity. An executive order for federal entities and national labs requires implementation of multifactor authentication by Sept. 30. This is in response to last year’s data breach in which millions of federal (and nonfederal) employees’ sensitive data was stolen.
Multifactor authentication means that a class of individuals who access certain types of data will need to use two different forms of identification in order to log in to these systems. In our case, this will include both a password and a cryptographic key called an RSA token. (Some users, particularly system administrators, are called “privileged users.” These users have different authentication requirements and have already been contacted by members of the MFA project team.)
While this initiative sounds burdensome, we have worked hard to minimize the impact to the lab. The majority of our scientific and laboratory users will be exempt from having to use multifactor authentication. Only those people who work with personally identifiable information (such as date of birth, SSN and visa numbers) or business confidential information will be affected ― that means fewer than 300 of the lab’s 1,800 employees.
For those of you who are affected, once again, we are trying to ease the burden. Multifactor authentication will be required only when you need to access those systems containing sensitive information. No one will need to use it to access the web, read email or conduct much of their laboratory business.
We will soon begin working with a group of pilot users to test our multifactor implementation to make sure things are working properly. We will begin training these users over the next several weeks. After that, we will contact the remainder of people who work with personally identifiable or business confidential information. If you are one of these individuals, please be on the lookout for this information later this month.
It is important that the laboratory be a good steward of the digital data that we are entrusted to keep safe.
If you have any questions or concerns about multifactor authentication, please ask a question via the Fermilab Multifactor Authentication website, http://eworkhub.fnal.gov. There, you can also learn more about what applications and resources require multifactor authentication and more. This website will grow over the next two months, so check back.