As most Science users have enabled their two-factor authentication, we are now going to restrict DIY functionality for accounts without a second factor. If you have not enabled a second factor, you can: Login into DIY Set a password Enable your second factor All other functionally is disabled and will lead to an ‘Insufficient access’ error. In subsequent versions of the DIY software we will (further) hide actions and listing that you will not be able to use. ...

Update 2025-05-20 This has been activated around 11 ‘o clock. On May the 20th we have enabled mandatory multifactor authentication for the following services: DIY web site. Roundcube, for reading mail. SSH from the internet to public servers, like the lilos. Below you can read how you can log in for each service. DIY Enter your Science login name, your password and the TOTP code from your authenticator app. If you have configured a Yubi key with us, you can also use the Yubi key’s OTP. ...

TOTP Authenticator Apps To generate a 6-digit code for two-factor login verification, you’ll need an app. Below is a list of apps you can use for this purpose—but if none of these suit you, there are plenty of other compatible options out there. Info ...

On the 20th of May 2025 we are enabling 2FA (second-factor-authentication) on the C&CZ services: DIY, Roundcube and SSH on the login servers. In this article you can find information on this roll-out and how to activate 2Fa on your Science account. As mentioned in an earlier news item, we’ve finished the tests and reached the following conclusions: Anyone with a Science account can enable 2FA in DIY using this procedure. For about 6 weeks you can enable 2FA in DIY. You must have activated 2FA by the 20th of May 2025 if you want to use: DIY, Roundcube or SSH on the login servers. ...

At the end of last year we’ve promised an update on how we are planning to make access to our services more secure. In this post we expand on those plans. In short: we are going to deploy 2FA on Science accounts and make it mandatory for services that are reachable from the internet. How this all works from an organizational standpoint is, at this point, not complete clear yet. Do we need a “in-person” vetting procedure? Or do we allow users to enable this themselves in DIY? Ideas on this will surface after the test period. ...