...
This page lists the acceptable 2FA options for remote administrative access to university servers which store or process Category I data. Certain options may work better in specific environments than others - consult your local IT support staff for any implementation questions or issues. If you need to use a 2FA option not on this list, please contact us at security@utexas.edu.
Remote access to workstations and non-server devices should be handled through the UT VPN service.
Note: Users MUST utilize 2FA for servers they have administrative access to, even when authenticating to the server using non-administrative credentials, if the ability exists for users to elevate permissions to an administrative level after authenticating as a lower-privileged user. If no ability to escalate permissions exists, then only logins using administrative credentials need be secured with 2FA, unless such differentiation is not possible.
| Service type | Operating Systems | 2FA option(s) | Notes |
|---|---|---|---|
| Secure Shell | Linux, Unix, Windows, OS X | Password protected public key, or Toopher (via PAM), or PAM OATH, or VPN group with IPTables rules |
|
| Remote Desktop | Windows | Certificate-based auth, or Toopher, or VPN group with firewall rules | |
| VNC | Linux, Unix | SSH tunnel with password-protected public key, or VPN group with firewall rules | |
| Apple Remote Desktop | OS X | SSH tunnel with password-protected public key, or VPN group with firewall rules | |
| TeamViewer | * | VPN group with firewall rules, or OATH compliant app (e.g., Google Authenticator, Toopher, Duo Security) |