RegApp and Multi-Factor Authentication
What is RegApp?
The RegApp is the self-service portal for High Performance Computing (HPC) accounts for the HPC clusters at RWTH Aachen University. It was introduced to enable multi-factor authentication (see below) for HPC accounts, to better secure the resources and to prevent unauthorized access to, or hostile takeover of, these accounts and the cluster.
After the RegApp went live in late 2022, all tasks related to HPC accounts, such as registering for the service, changing your HPC account password, and uploading and managing SSH keys, were moved there. It also lets you register tokens for multi-factor authentication, currently on a voluntary basis.
The articles in this section cover the different options offered by the RegApp. To start, you can also check out the step-by-step instructions for using CLAIX with multi-factor authentication enabled.
What is Multi-Factor Authentication?
We all know what we need to access most websites: our username and password. With this pair of data, we authenticate ourselves: we tell the computer who we are (via the username) and then prove that we are who we claim to be (as we know the secret password associated with the username). However, this is not a very secure way of protecting resources or contents. Many people use the same username/password combination for several websites and may have their access information compromised when one of them is hacked, or have easily guessable passwords.
To shore up the protection, a second proof of identity may be required: another factor when authenticating ourselves. Username/password is a factor of type knowledge: you authenticate yourself by proving you know something. Other types include possession (e.g., your state-issued ID, the key to your house, or a hardware token that is registered with your account) and inherence (something you are, e.g., fingerprints, face recognition, or looking like the picture printed on your state-issued ID), as well as location (e.g., some services may only be accessible if you are in front of the physical computer, or if you are logged into a certain network).
Multi-factor authentication (MFA) is the combination of at least two factors, ideally comprising different types. An example is the TAN used for internet banking – you first use username/password, and then have to enter a second code that is either generated in a TAN generator app on the smartphone, or with the card and an external TAN generator.
Does that mean that once you have a second factor you can use the password "password" or "123456" (two of the most common passwords)? No! If you choose an insecure first factor, you are back down to only a single (reliable) factor to authenticate yourself with, and if that is lost, it might compromise your account.