Search Docs by Keyword

Table of Contents

OpenAuth

Most Research Computing services, such as the FASRC high performance computing cluster or VPN, are protected by two-factor authentication — access requires providing a normal password and a time-dependent “verification code.” We use a package, built on open standards, that we call OpenAuth to provide the two-factor authentication.

REQUESTING YOUR TOKEN

Please visit the following link, using your RC account username and password, to setup your account to work with OpenAuth: https://two-factor.rc.fas.harvard.edu

Note: Clicking this link will cause an email to be sent to you. That email will contain a link to the OpenAuth install page with instructions, download links and your personalized token. The download link is valid for 24 hours.

  • This site will prompt you for your Harvard FAS Research Computing username and password. If you don’t yet have an account, you can request one here.
  • Since the site uses email verification to authenticate you, you must also have a valid email address on record with us.
  • All OpenAuth tokens are software-based, and you will choose whether to
    – use a smart phone app (the page will display a QR code for use in Google Authenticator [Android or iOS] or to allow display of the code in Duo Mobile [in addition to your Harvard Key code – these are two separate tokens])
    – or use 1Password on your phone or desktop to generate your verification codes. HUIT provides 1Password to members of Harvard.
    – or the java desktop app to generate your verification codes. (a Java runtime is required for the desktop app to function – Java install help page). For most operating systems you will simply double-click the Jauth.jar file to start the java applet. There are also scripts for Windows (,bat) and Linux (.sh) if needed.

Once you complete the quick steps in the above site, you’ll be all set to use OpenAuth. You may also revisit that site in order to setup your token on an additional device (you’ll still be able to use your original device, too).

Having Trouble after setting up your token?

NOTE: If you need to set up on a new phone or computer, you do not need to revoke your token. Just re-do the steps at the top of this page for Requesting Your Token. You only need to revoke a token if your device is lost or stolen or you token stops working.

REVOKING/RESETTING Please keep in mind that you can revoke your token if you ever lose the device with your token or otherwise insecurely handle your token and need to start over with a new one. This is also useful if your token has time drift or otherwise stops working.
To revoke your token visit two-factor.rc.fas.harvard.edu/oa/revoke

After revoking the token, remove your token from any existing device: If using the java applet, delete that folder from your computer. If using a phone app, remove that token entry from the app. You will then need to re-do the process at the top of the page to install a new token.

TROUBLESHOOTING For additional OpenAuth troubleshooting, including time synchronization, please see here.

© The President and Fellows of Harvard College
Except where otherwise noted, this content is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license.