BMB/Chemistry’s transition to using two factor authentication

Two factor authentication (a.k.a, 2FA or MFA) is being deployed throughout the University for securing your accounts on various services like Teams and HR Direct. Because BMB/Chemistry must also comply with 2FA requirements, we will be deploying 2FA on remote services, such as editor access to WordPress sites and changing your LDAP password.

Staring Monday, November 29, 2021, 2FA will be required
for WordPress editing and LDAP password changes

Please be assured that the BMB/Chemistry team is available to help you when the transition to 2FA begins.

What you need to know:

  1. Preparing for 2FA
  2. How you will log in to a BMB/Chemistry WordPress site (to edit a site)
  3. How you will log in to the LDAP server (to change your LDAP password)

(NOTE: Logging into WordPress is only needed if you are responsible for editing a particular WordPress site.)

Preparing for 2FA:

  1. Ensure that you have a 2FA app installed on your phone.

    Currently, the University supports the use of the app DUO for 2FA. You can also use DUO for 2FA with BMB/Chemistry’s services, but you can use other apps, if you prefer. Any 2FA app that supports TOTP can be used.

    Examples of other compatible 2FA apps (including platform and author):

    – Microsoft Authenticator (iPhone or Android — Microsoft)
    – andOTP (Android — Jakob Nixdorf)
    – Google Authenticator (iPhone or Android — Google)
    – TOTP Authenticator (iPhone or Android — BinaryBoot)
    – Authy (iPhone or Android — Twilio)

  2. Go to https://idea.chem.umass.edu, log in using your LDAP credentials, and follow the prompts to create a 2FA token.

    (Screenshots using DUO Mobile with Step 2 above.)

    (NOTE: You must be either on campus or using the campus VPN in order to reach the 2FA token server above.)

If you have a 2FA app and you need help using it, send an email to ithelp@biochem.umass.edu or ithelp@chem.umass.edu and we’ll help you.

Logging in to WordPress with 2FA:

(This will not work until November 29, 2021.)

  1. Have your phone with the 2FA app ready
  2. Go to the admin page of the site
    (e.g., https://elements.chem.umass.edu/your_site/wp-admin)
  3. Enter your LDAP username (same as NetID)
  4. Tab or click in the Password field
  5. Enter your LDAP password (but don’t press ENTER or click Log In)
  6. Look up the 6-digit number in your 2FA app
  7. Enter the 6-digit number immediately after the password you typed
    Example:
    – with password “HelloBadPassword” and 6-digit code “123456”
    – the password field would contain (without the quotes) “HelloBadPassword123456”
  8. Now hit ENTER or click Log In

Logging in to LDAP with 2FA (to change your LDAP password):

  1. Have your phone with the 2FA app ready
  2. Go https://it.biochem.umass.edu or https://it.chem.umass.edu
  3. Click “Set you LDAP password”
  4. Enter your Username
  5. Tab or click in Password field
  6. Enter your password
  7. Press ENTER or click Login
  8. If you have already created a 2FA token, then you will be prompted to enter a 2FA code
    If you are presented with:
    Unable to start 2-factor authentication because no tokens were found.
    Then click the link on that page that reads “click here to configure a 2FA token”,
    and follow the instructions.
  9. Look up the 6-digit code on your app
  10. Enter the 6-digit code
  11. Press ENTER or click Submit
  12. You can change your LDAP password now