Identity Management, Multi-Factor Authentication, Why You Need MFA and FAQs

Why do I need multi-factor authentication?

Multi-factor authentication (MFA; encompasses 2FA/2-factor authentication) is an authentication method in which a user is granted access to a website or application after successfully presenting two or more factors, including:

  • Knowledge (something you know) - your password
  • Possession (something you have) - your MFA device

Protecting user accounts and critical systems is one of the biggest challenges of the University. Relying on passwords alone is not very effective, for many reasons, including: passwords can be leaked, and users are susceptible to phishing attacks. Multi-factor authentication can significantly reduce the likelihood of account compromise and will protect both you and the University from unauthorized access to your personal data stored in the University's enterprise systems. This additional layer of security allows for an account to be secured even if a password is stolen or compromised.

In today's cybersecurity environment, multi-factor authentication is a requirement to keep users and systems safe. The University has partnered with Duo to implement MFA.

Staff, faculty, and graduate students are required to use MFA.

Starting September 28:

Undergraduates will be required to use MFA when accessing Microsoft 365 apps (Outlook, Teams, Word, etc.).

Users will see two MFA (Duo) prompts when logging in, depending on which login screen they reach (Identity Management, Urbana Single Sign-On Pages)

  • Duo Universal Prompt - when logging into Microsoft365 and Shibboleth (Canvas, Box, Zoom, Moodle, etc.) applications.
  • AITS Duo iFrame - when logging into AITS applications (Banner, HR Reporting, My UI Info, NetID Center, Direct Deposit, etc.)

An overview of authentication devices can be found here: 2FA, Authentication methods & devices

Frequently Asked Questions

What services require MFA?

Most applications now require MFA when logging in. These include learning platforms such as Canvas and Moodle, productivity apps such as Microsoft365 and Box, collaboration apps such as Zoom and Teams, and Banner.

What if I’m off campus?

You can enroll in, and use MFA even while off campus. If you are authenticating with the Duo Universal Prompt, it will easily guide you through enrollment with no additional requirements. If you are enrolling via the NetID Center will off-campus, you can enroll using your recovery email address. For instructions on enrolling off campus, see 2FA, How do I enroll in 2-Factor Authentication from off campus?

What if I’m locked out?

The NetID Center allows you to set a recovery email address. It is recommended you set this up to facilitate recovery. Temporary codes can be sent here in the event your phone is lost or you are otherwise unable to use your normal 2FA device. Instructions on how to set up recovery options are here: NetID Center, Set and modify your recovery options

What if I don’t have Cellular or WiFi access?

The Duo Mobile app, available for Apple and Android devices, works without any connectivity. You can replace your SIM card, change providers, turn on airplane mode, or travel internationally and the Duo Mobile app will still work. The common “Push” prompt won’t be available, but the App works by generating a short 6 digit code that you can type into the web application prompt. For more information, see here: 2FA, Authenticating without network access

What if I don’t have a smart phone?

The Duo Mobile app can be used with iPads and Android tablets. It can also be used with older iOS and Android devices that users have. (iOS 13 and above, Android 8 and above).

Hardware tokens are also available for purchase from the Webstore. See this KB for more information: 2FA, Hardware Tokens and Security Keys

What if I don’t want to buy a token or use one from the WebStore?

Each college or department is handling token purchase and management. Please contact your local IT or Business office about providing you a token. The AITS Duo iFrame and NetID Center do not support tokens purchased from vendors outside of the campus WebStore. However, the Duo Universal Prompt allows for users to enroll their own WebAuthn/FIDO2 security keys. It will be the user's responsibility to ensure compatibility. More information here: 2FA, Hardware Tokens and Security Keys




Keywords:two factor twofactor two-factor duo multi-factor multi factor authentication 2fa mfa   Doc ID:84480
Owner:ID M.Group:University of Illinois Technology Services
Created:2018-08-03 08:09 CSTUpdated:2022-08-11 14:42 CST
Sites:University of Illinois Technology Services
Feedback:  0   0