Most Research Computing services, such as the FASRC high performance computing cluster or VPN, are protected by two-factor authentication — access requires providing a normal password and a time-dependent “verification code.” We use a package, built on open standards, that we call OpenAuth to provide the two-factor authentication. This replaces the system we formerly used, RSA SecurID.

NOTE: If you are taking a class where you have been given a generic account and token, please see the Manual OpenAuth page.

REQUESTING YOUR TOKEN
Please visit the following link, using your RC account and password, to setup your account to work with OpenAuth:
https://software.rc.fas.harvard.edu/oa
Note: Clicking this link will cause an email to be sent to you. That email will contain a link to the OpenAuth install page with instructions, download links and your personalized token.

• This site will prompt you for your Harvard FAS Research Computing username and password. If you don't yet have an account, you can request one here.
• Since the site uses email verification to authenticate you, you must also have a valid email address on record with us.
• All OpenAuth tokens are software-based, and you will choose whether to use a smart phone (the page will display a QR code for use in Google Authenticator [Android or iOS] or to allow display of the code in Duo Mobile [in addition to your Key code - these are two separate tokens]) or the java desktop app to generate your verification codes. (Java 1.6 is required for the desktop app.).
  • Attention MacOS 10.15 (Catalina) users: For the Java desktop app, follow steps 1 through 7 on this page if you have an issue installing legacy Java 6 on Mac OS 10.15 Catalina.

Once you complete the quick steps in the above site, you'll be all set to use OpenAuth. You may also revisit that site in order to setup your token on an additional device (you'll still be able to use your original device, too).

Having Trouble after setting up your token?

REVOKING/RESETTING
Please keep in mind the revoke link if you ever lose the device with your token or otherwise insecurely handle your token and need to start over with a new one.

If you need to set up on a new phone or computer, just re-do the steps above. You only need to revoke a token if your device is lost or stolen or you token stops working.

TROUBLESHOOTING
For additional OpenAuth troubleshooting, including time synchronization, please see here.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Attribution.