Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is an enhanced, multi-step authentication method. You may already use 2FA to access Nessie from home – or on external websites such as Gmail or your bank’s website.


Table of Contents Quick Links Tokens from Webstore


 How to set up two-factor authentication

Watch the following video for comprehensive instructions on setting up 2FA:


                                                                                                                                                    
 How can I enroll while off campus?


  How to sign in using 2FA

The following video shows how to use Duo Push notifications, phone-call passcodes and text-message passcodes:



 How to manage your 2FA devices
 How to set up self-recovery if you don't have your 2FA device


  Why 2FA?

A password is no longer enough.

Attacks on accounts are increasingly sophisticated. 2FA helps to determine that you are who you say you are, and are not just someone with a stolen password.

The university is continuing its efforts to protect access to valuable assets by requiring 2FA on more systems and services, starting in Fall 2018.

You are being asked to do this as part of the University’s solution to protect your sensitive, personal university data. 2FA provides better account protection than merely using a password. If your password is stolen or compromised, having 2FA set up will require the thief to also have possession of your 2FA device in order to access your account. Merely having your pin and password is no longer enough to change your personal information.


  What is the timeline for adopting 2FA?

Everyone can enroll beginning in April 2018.
Graduate students will be required to use 2FA starting October 2, 2018.
Staff and faculty will be required to use 2FA starting in November 2018.
Although not currently required, Undergraduates can enroll after September.


  Who and what is covered by 2FA?

Who?
Anyone with a NetID

What?
There are multiple authentication systems on campus. The main ones which will be covered by 2FA are Shibboleth, Office 365, and some SiteMinder applications. This covers hundreds of applications but some of the most prominent are Compass2g (blackboard), Box, Lynda.com, learn@illinois (Moodle) and Office 365.

Which applications require 2FA?

2FA is required for the following apps from anywhere: 2FA is required for the following apps only from non-University networks and VPN:
  • Banner Forms
  • HRFE/PARIS
  • NEWT
  • HR Reporting Portal
  • Blackboard
  • Box
  • Lynda
  • Moodle
  • Office 365
  • Student Direct Deposit
  • Any apps using Shibboleth logins
NESSIE
  • Direct Deposit
  • W-4
  • Benefits and Earning statements
  • W-2/1042-S Tax Statement
  • EIF
  • Loan Default
  • TDRP
  • LTD
  • Civil Service Appointment Information
  • Employment Verification
  • NOA
  • Transit Benefit
  • Child Tuition Waiver
  • Employee Tuition Waiver
  • Shared Benefits
  • ANCRA Training

2FA will eventually be required for:

  • NetID and Password Changes
  • Applications accessing sensitive data
  • Urbana campus Email
  • Potentially new applications and services in the future

What 2FA looks like for applications using Shibboleth logins:



What 2FA looks like for Office 365 applications:





 I cannot remember if I set up 2FA previously. How do I check?

We recommend starting the quick setup process from the beginning by going to verify.uillinois.edu and clicking Get Started. (Watch the 2FA Self Enrollment video above to see your next steps.)

If you have already registered your cell phone number, your second entry will override the first (rather than registering the number twice). You will also have the option of registering additional devices.



 Can I set up 2FA without using my personal smartphone?

Yes. However, using the Duo app on your personal smartphone is the recommended – and most convenient – method of two-factor authentication.

Other ways to authenticate with 2FA

Tablet  Duo will send you a push notification to your tablet, allowing you to approve or deny the login request. The app can also generate passcodes without needing a network connection. Open the DUO Mobile app and select the key icon to the right of the University of Illinois to generate a passcode. Then enter that passcode on the 2FA screen.
Cellular Phone  A text or phone call with a code can be received with your cell phone (does not need to be a smartphone).
Landline Phone  A non-University phone number can be used to authenticate. Some university phone numbers are in shared spaces and are not considered secure. Lync phones are not considered a second factor and cannot be used for authentication purposes.
Token  If you do not wish to use your smartphone, tablet, cell phone or landline phone, you can request a token for authentication. See below for more information.



 What is a token, and how do I get one?

The token is a physical device that will generate a numeric passcode. 

For staff and faculty, your department may purchase tokens through the Web Store. 

Graduate students may purchase tokens for themselves via the Web Store. There are two options available:

Since the token is associated with an account, tokens cannot be shared. They can be transferred.

 More info about tokens
 Token replacement steps



 Where can I leave feedback about 2FA?

Tech Services has provided a 2FA feedback/survey form here: https://go.illinois.edu/2fasurvey


Short URL for this page: http://go.illinois.edu/2fa-engr




Keywords:Two Factor Authentication (2FA)   Doc ID:84495
Owner:Khlaf A.Group:University of Illinois Engineering IT
Created:2018-08-03 14:09 CDTUpdated:2018-09-13 14:26 CDT
Sites:University of Illinois Engineering IT
Feedback:  1   0