2FA, Why You Need 2FA and FAQ

Why do I need 2-factor authentication?

2FA will protect both you and the University from unauthorized access to your personal data stored in the University's enterprise systems. 2FA provides a second layer of security to your University account making it difficult for an unauthorized person to access your information. 2FA provides better account protection than merely using a password. If your password is stolen or compromised, having 2FA set up will require the thief to also have possession of your registered device in order to access your account. Merely having your PIN and password is no longer enough to change your personal information.

Some important points:

Graduate students, staff and faculty are required to use 2FA

Undergraduates who are already enrolled in 2FA for System HR (formerly NESSIE) because they have direct deposit set up, are required to use 2FA across all services outlined below. 

What services require 2FA?

There are multiple authentication systems on campus. The main ones which will be covered by 2FA are Shibboleth, Office 365, and some SiteMinder applications. This covers hundreds of applications but some of the most prominent are Compass2g (blackboard), Box, Lynda.com, learn@illinois (Moodle) and Office 365. 
Certain parts of NESSIE and Banner are already behind 2FA.

What if I’m off campus?

Your 2FA settings can be accessed via NetID Center and supports enrollment from off-campus if you have previously specified a secondary email account with the university. For instructions on enrolling off campus, see 2FA, How do I enroll in 2-Factor Authentication from off campus?.

What if I’m locked out?

The NetID Center allows you to set a recovery email address. It is recommend you set this to facilitate recovery. Temporary codes can be sent here in the event your phone is lost or you are otherwise unable to use your normal 2FA device. Instructions on how to set up recovery options are here: NetID Center, Set and modify your recovery options.

What if I don’t have Cellular or WiFi access?

The DUO mobile app (free), available for Apple and Android devices, works without any connectivity. You can replace your SIM card, change providers, turn on airplane mode, or travel internationally and the Duo App works. The common “Push” prompt won’t be available, but the App works by generating a short 6 digit code that you can type into the web application prompt. For more information, see here: 2FA, Authenticating without network access.

What if I don’t have a smart phone?

Cell phones, tablets and many devices are supported by the DUO mobile app (Android and iOS versions available).  This is the “preferred” method and method that most people find the easiest. It works even without Wi-Fi or cellular service. Push notifications take mere seconds and integrate with many other devices.  Tokens are available in the WebStore (search “2FA”). 

Three kinds of tokens are available, a $13 token (displays a code for you to type in), a $45 token (USB Yubikey) and a $45 token (USB-C Yubikey). The Yubikey is also the accessibility/disability version.

What if I don’t want to buy a token or use one from the WebStore?

Token purchase and management is being handled by each college or department. Please contact your local IT or Business office about providing you a token. The campus does not support tokens purchased from vendors outside of the campus WebStore.