MAX IV is committed to using Multi Factor Authentication for all external access to anything that is more than purely informational.
Raising the bar
Multi Factor Authentication is adding another factor into the authentication process, one that does not depend on knowing the username and password. Those are usually the ones that a bad actor have managed to obtain via some other path. Using a one-time password is one commonly used technology to achieve 2-factor authentication.
All external access to MAX IV resources requires two-factor authentication via Time-Based One-time Password (TOTP). The one-time password can be distributed via email, SMS or be generated via an application on your mobile phone. Both email and SMS methods have inherent weaknesses and will only be used for the initial setup and registration of a TOTP application. SMS has previously been used extensively at MAX IV, but is being phased out in favor of using a TOTP application for generating the token.
Activating a TOTP application
Using a mobile application to generate the Time-based One-Time Password (TOTP) has many advantages over receiving a SMS message, both from security and practical point of views. There are many OTP applications in the respective mobile phone app stores. Some are also available for desktop use. Pick the one that works best for you. Some examples: Pocket Pass, Authy by Twilio, Google Authenticator, Microsoft Authenticator and many more.
You can activate the application for use at MAX IV here: MAX IV – TOTP Registration Just follow the instructions on the web page.