Cluster users beware!
In preparation for higher security measures when logging in to the RWTH HPC Cluster, your HPC accounts will be switched to RegApp from 02. November 2022.
What is behind this and what will change for you?
RegApp is an application developed by KIT (Karlsruhe Institute of Technology), which enables a secured login by two-factor authentication. In the future, RegApp will manage the service passwords and ssh keys of HPC users and offer multi-factor authentication on a voluntary basis. Starting today, November 02, 2022, the pilot phase will begin in preparation for the future increased security measures.
Not much will change for you during this pilot phase.
The transition of RWTH-HPC-Accounts accounts from self-service to RegApp will be quite unobtrusive at first. Logging in on most login nodes will remain as before. Only on the node login18-4.hpc.itc.rwth-aachen.de will two-factor authentication be enabled.
The biggest difference of this change is noticeable in the password assignment of your HPC account. The passwords for the HPC accounts will no longer be assigned via the Selfservice, but via the RegApp.
But don’t worry – your accounts will not be completely deleted in Selfservice. If you are still looking for the password assignment of your HPC account in Selfservice, you will now find a corresponding redirect.
Since this is a pilot phase, the two-factor authentication does not increase security for the time being as logging in is still possible on all frontend nodes. The current phase is only intended to allow you to become familiar with the new workflows. Once RegApp goes into regular operation and the pilot phase is approx. early 2023, this additional authentication will make logging in to the cluster even more secure for you! The use of the second factor will remain optional for the time being in 2023.
First insight
Login
The RegApp login is performed via the RWTH Single Sign-On (SSO) after you have specified your home organization.
Dashboard
After the successful login you will get to the dashboard.
Here you can see your already registered services as well as the services available for registration. This is currently limited to the High-Performance Computing (HPC) account.
Under the menu item Index you will find links to the different functionalities. All these features and information about the pilot phase of RegApp can be found in our documentation, which is constantly updated.
Background knowledge – What is two-factor authentication?
We all know what we need to access most websites: our username and password. We use this pair of data to authenticate ourselves. We tell the computer who we are through our username. Then we prove that we really are who we say we are with the corresponding secret password. However, this is not a very secure way to protect resources or content. Many people use the same username and password combination for multiple websites and can expose their credentials if one of those websites is hacked. Unfortunately, easy-to-guess passwords are not uncommon either.
To strengthen protection, a second proof of identity may be required. Username/password is a knowledge-type factor: you authenticate by proving that you know something.
Multi-factor authentication (MFA) is the combination of at least two factors, ideally of different types. An example is the TAN for internet banking – you first use username/password and then have to enter a second code generated either with a TAN generator app on your smartphone or with your card and an external TAN generator.
Of course, MFA doesn’t mean you can choose an insecure first factor to remember it better (password 123456). Because if you choose an insecure first factor, you will have only one (reliable) factor left to authenticate yourself with. If this is lost, your account may be compromised.
Responsible for the content of this article is Dunja Gath und Tim Cramer.