Skip to main content

Two Factor Authentication

For security considerations, some HPC clusters require multi-factor authentication (MFA). Below are the steps to set up and use MFA to access these clusters.

Multi-factor Authentication with Your Smartphone

Step 1 (one-time): Install an authenticator on your smartphone.

We recommend Google Authenticator, but any Time-based One-Time Password (TOTP) authenticator (e.g. Microsoft Authenticator, Authy etc.) would do. You can search for these authenticators in the app store as you would do for any apps on your phone.


Step 2 (one-time): Log in the cluster using your credentials.

Start this step by logging in a cluster with your favorite ssh client. Using LONI QB-4 cluster as an example, you should run:


You will see a QR code along with some text, and a prompt for the one-time token:

QR code for 2FA

Step 3 (one-time): Open the authenticator app on your phone and scan the QR code:

Google Authenticator - Scan QR Code

Step 4 (one-time): Type the 6-digit one-time token at the prompt and press enter:

Google Authenticator - Token

Note: the token will expire in 30 seconds after being generated. If it expires, simply use the new token.

Now the setup is complete.

Step 5: Log out and log back in with your ssh client. You should see the token prompt after entering your password.

Step 6: Enter the token in your authenticator at the prompt as you did in Step 4.

If you log in successfully, no token will be required again for the next 12 hours if you log in from the same IP addresss. You do need to type your password everytime.

In the future, you only need to repeat Step 5 and 6 to log in.

Multi-factor Authentication with Your Computer

If you do not have a smart phone or the authenticators do not work on your phone, you can also choose to use desktop applications. KeepPassXCis an excellent choice, which also provides a browser extension and can be used as a password manager. If you need help setting it up, please contact us at