Starting January 05, 2023, ImmPort will enforce Multi-factor Authentication (MFA) on the Private Data Management Portal (immport.niaid.nih.gov) for enhanced security. Upon successful log in, ImmPort users will be redirected to the MFA registration page to configure an MFA method for obtaining one-time password (OTP) codes. Please read below for more details.
Please note that, MFA is not enforced on the Shared Data Download Portal (www.immport.org). ImmPort users can continue to login to the download portal with their username and password to download the publicly available data sets without MFA.
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
Why is MFA Important?
The main benefit of MFA is it will enhance your data security by requiring you to identify yourself by more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an MFA factor means increased security to your data.
How Does MFA work?
MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter are one-time passwords (OTP). OTPs are those unique codes that you often receive via email, SMS or some sort of mobile app. With OTPs a new code is generated periodically or each time an authentication request is submitted. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor which could simply be a counter that is incremented or a time value.
ImmPort MFA Registration
ImmPort provides the following two authentication methods for MFA authentication.
1. Authenticator App: Register a time-based one-time password (TOTP) authenticator app for obtaining one-time-passwords for MFA authentication.
2. Email OTP Code: Register your email address for obtaining one-time-passwords for MFA authentication.
Register a time-based one-time password (TOTP) app for obtaining one-time-passwords for MFA authentication. To configure TOTP you will need to install an authenticator application that can generate OTPs such as Authy, Google Authenticator or Microsoft Authenticator on your mobile or laptop device.
Enter the OTP code from your registered app to enable MFA authentication. A backup OTP code can be sent to your registered email if you don't have your authenticator app.
Email OTP Code
Register your email address for obtaining one-time-passwords for MFA authentication.
You will receive an OTP code to your registered email address.
Note: The OTP code sent to your email will expire in 10 minutes. If expired or invalid, you can request another OTP code.
Enter the OTP code from your email to enable MFA authentication.
Access your "My Profile" page to update MFA authentication method, registered email address, registered authenticator app.
Please contact the ImmPort helpdesk(ImmPort_Helpdesk@immport.org) for assistance.