...

Because these systems have extra per-user costs, they are not made available to all projects. An NCSA project or partner must pay for NCSA multi-factor tokens/licenses for non-staff.

NCSA currently uses Duo to provide multi-factor authentication services. Duo relies on offsite, cloud-based servers for its multi-factor capabilities, so it would not function if NCSA were cut off from the internet or if Duo were down. For these situations, Duo can be configured to fail "open" or "closed". When failing open, the second factor is not required while Duo cannot be contacted, so users can authenticate with a single factor (i.e. their passphrase). When failing closed, users cannot authenticate until Duo can be contacted again, which locks them out wherever multi-factor is required.

The default policy is to configure Duo to fail "closed". Systems can be configured to fail "open" with the prior approval of NCSA's Cybersecurity Division: help+sec@ncsa.illinois.edu.

Account Lockouts

Multiple failed login attempts may lock out access based on the IP address of the client system. Accounts may also be suspended globally by the Security Office.

...

...