BMB/Chemistry’s transition to using two factor authentication

Two factor authentication (a.k.a, 2FA or MFA) is being deployed throughout the University for securing your accounts on various services like Teams and HR Direct. Because BMB/Chemistry must also comply with 2FA requirements, we have deployed 2FA on remote services, such as editor access to WordPress sites and changing your LDAP password.

(NOTE: Logging into WordPress is only needed if you are responsible for editing a particular WordPress site.)

Establishing a 2FA token:

  1. Ensure that you have a 2FA app installed on your phone.

    Currently, the University supports the use of the app DUO for 2FA. You can use DUO for 2FA with BMB/Chemistry’s services, but you can also use other apps, if you prefer. Any 2FA app that supports TOTP can be used.

    Examples of other compatible 2FA apps (including platform and author):

    – Microsoft Authenticator (iPhone or Android — Microsoft)
    – andOTP (Android — Jakob Nixdorf)
    – Google Authenticator (iPhone or Android — Google)
    – TOTP Authenticator (iPhone or Android — BinaryBoot)
    – Authy (iPhone or Android — Twilio)

  2. While you’re on campus or connected to the campus VPN, go to https://idea.chem.umass.edu, log in using your LDAP credentials, and follow the prompts to create a 2FA token.

    – For example, here are some screenshots using DUO Mobile.

    (Remember, you must be either on campus or using the campus VPN in order to reach the 2FA token server above.)

If you have a 2FA app and you need help using it, send an email to ithelp@biochem.umass.edu or ithelp@chem.umass.edu and we’ll help you.

Logging in to WordPress with 2FA:

  1. Have your phone with the 2FA app ready
  2. Go to the admin page of your WordPress site
    (e.g., https://elements.chem.umass.edu/[your_site]/wp-admin)
  3. Enter your LDAP username (same as NetID)
  4. Tab or click in the Password field
  5. Enter your LDAP password (but don’t press ENTER or click Log In)
  6. Look up the 6-digit number in your 2FA app
  7. Enter the 6-digit number immediately after the password you typed
    Example:
    – with password “HelloGoodPassword” and 6-digit code “123456”
    – the password field would contain (without the quotes) “HelloBadPassword123456”
  8. Now hit ENTER or click Log In

Logging in to LDAP with 2FA (to change your LDAP password):

  1. Have your phone with the 2FA app ready
  2. Go https://it.biochem.umass.edu or https://it.chem.umass.edu
  3. Click “Set your LDAP password”
  4. Enter your Username
  5. Tab or click in Password field
  6. Enter your password
  7. Press ENTER or click Login
  8. If you have already created a 2FA token, then you will be prompted to enter a 2FA code
    If you are presented with:
    Unable to start 2-factor authentication because no tokens were found.
    Then click the link on that page that reads “click here to configure a 2FA token”,
    and follow the instructions.
  9. Look up the 6-digit code on your app
  10. Enter the 6-digit code
  11. Press ENTER or click Submit
  12. You can change your LDAP password now