Prepare for Two-Factor Authentication

This article applies to: Managing Vendors and Consultants

CIT staff and consultants must use RSA two-factor authentication and the hopper servers when connecting to remote systems that have direct access to, or house, confidential data. This requirement applies regardless of whether the staff member or consultant intends to view or manipulate the confidential data or to perform a task unrelated to it.

Task responsibility Task details

Cornell University

For the purpose of generating one-time codes necessary for two-factor authentication, ask the consultant what type of technology he/she plans to use: smartphone/software key fob or hardware key fob.

  • A software key fob is the RSA SecurID Token software which runs on an iPhone or Android device.
  • A hardware key fob is a compact electronic device.

For consultants working offsite, it is most cost-effective to generate one-time codes using the RSA SecurID smartphone app. If the consultant is using a smartphone, ask what type: iPhone or Android.

Cornell University

Send an email to, with a copy to your Director or Assistant Director, that includes the following content:

  1. Sponsored NetID, name, and company of the consultant.

  2. The systems the consultant will need access to through Windows or Unix hoppers.

  3. The type of access the consultant will need, for example, administrative privileges.

  4. The access time-frame—how long the vendor will need access. Normally access is renewed annually.

  5. Type of two-factor technology the consultant is using:

    • If smartphone, indicate the type of smartphone the consultant uses – iPhone or Android – so that Systems Support can issue the appropriate soft token. If using Blackberry, Windows or other smartphone, please indicate.

    • If hardware key fob, indicate this so that Systems Support can provide the key fob.

Additionally, if the consultant will be using Linux hoppers and UNIX servers, submit a request for an SFAM account to Systems Support using the Linux Account Request Form. Note: You must be on the Cornell network to access this form. Include the initial incident number, generated as part of requesting a sponsored NetID, with this request so Systems Support can make the correct match. Example incident number: INC0000123456789

Cornell University

If the contractor is not local and is using a hardware key fob, receive the hardware key fob from Systems Support. Send it via secure mail to the consultant.

Note: When the consultant no longer works for Cornell, have the consultant return the hardware key fob to you so that it can be recycled by Systems Support and reused.

Consultant

If you are local and you are using a hardware key fob, you may pick yours up from CIT Systems Support, Rhodes Hall, Cornell University.

About this Article

Last updated: Monday, February 20, 2017 - 9:45am
