openauth

Most Research Computing services, such as the Odyssey high performance computing cluster, VPN, and anything that prompts for “Verification code”, (but not Spinal), are protected by two-factor authentication — access requires providing a normal password and a time-dependent numeric code. We use a package, built on open standards, that we call openauth to provide two-factor authentication. This replaces the system we formally used, RSA SecurID. Please visit the following site to setup your account to work with openauth:

https://software.rc.fas.harvard.edu/openauth

The site will prompt you for your Harvard FAS Research Computing username and password. If you don’t yet have an account, you can request one here. Since the site uses email verification to authenticate you, you must also have a valid email address on record with us. All openauth tokens are software-based, and you will choose whether to use a smart phone or java desktop app to generate your verification codes. Java 1.6 is required for the desktop app. You must close your browser in order to logout of the site when you’re done.

Once you complete the quick steps in the above site, you’ll be all set to use openauth. You may also revisit that site in order to setup your token on an additional device (you’ll still be able to use your original device, too). Please keep in mind the revoke link if you ever lose the device with your token or otherwise insecurely handle your token and need to start over with a new one.

For more details on openauth, including troubleshooting any issues you might have and a note on the requirements of your computer’s clock, please see our Knowledge Base on openauth.