Background

In order to login to an NSC cluster that is not using two-factor authentication you need a username and a password (or a username and an SSH private key¹).

Both passwords and SSH keys are possible to steal². Stolen passwords or SSH keys can then be used by unauthorized persons to login to the cluster.

Why this matters

Any intrusion that gives access to a user account puts that project’s data at risk. It can be read and copied, modified or deleted.

But the problem is not limited to just that one project. Once logged in, an attacker will typically also use the account to try and elevate his privileges³ and gain full administrative access to the cluster. If successful, all project data is at risk, and it is also possible to plant back doors or malware that continues to steal new data or user credentials.

If such an intrusion is not detected, the attacker can continue doing damage for a long time. The first time it’s noticed might be when your research data is published by someone else.

If such an intrusion is detected, NSC will have to take the cluster offline for lengthy (probably weeks rather than days) investigations and cleanup work⁴. This means you will temporarily lose access to the cluster and your data, and NSC will have to spend lots of time on cleanup, time we would much rather spend on helping you do research on our systems.

So all intrusions are bad, and we would really like to avoid them if possible.

Why TOTP

This method is used by Google, Twitter, Microsoft and many others. It's also already in use within SNIC (e.g SUPR, LUNARC, UPPMAX).

Our reasons for choosing TOTP:

• It requires no distribution of physical tokens (e.g Yubikeys) to users
• It is quick and easy to implement on our clusters
• It is already familiar to many users
• It requires no extra software installation on user’s computers