Two-Factor Authentication (2FA)

GET ADDITIONAL PROTECTION FOR YOUR DATA!

Illinois uses the Duo 2FA service to help protect data with Two-Factor Authentication.

Are you enrolled with Duo?
Visit https://identity.uillinois.edu/ to find out and to enable your device (mobile phone or token) and set preferences.

 

Protect your information with 2FA. Here's the why, when, and how.

The university is continuing its efforts to protect valuable assets and access by requiring Two- Factor Authentication (2FA) on more systems and services in Fall 2018.

 

 

Why 2FA?

It works.
2FA already protects NESSIE. Targeted attacks were made in the past against university payroll in attempts to steal paychecks. Since implementing this technology, attacks on payroll customers have effectively vanished. 

Illinois experiences about 700 compromised accounts each month. Other Big Ten institutions added 2FA across their services, dropping their rates of compromised accounts to nearly zero.

A password is no longer enough.
Attacks on accounts are increasingly sophisticated. 2FA helps to determine that you are who you say you are and are not someone with a stolen password.

What is the 2FA Timeline?

  • Everyone was able to opt-in from April-September 2018. Undergraduates can continue to opt-in after September.
  • Graduate students will be required to use 2FA starting in October 2018 and are being enrolled throughout the month.
  • Staff and faculty will be required to use 2FA starting in November 2018.

Who and What is Covered by 2FA?

There are multiple authentication systems on campus. The main ones which will be covered by 2FA are Shibboleth, Office 365, and some SiteMinder applications. This covers hundreds of applications but some of the most prominent are Compass2g (blackboard), Box, Lynda.com, and learn@illinois (Moodle).  

How does 2FA work?

Duo Security is the campus provider of 2FA. Once you login with a NetID and password, Duo sends a request to confirm that you are who you say you are via mobile phone notification, phone call, or by another method such as a token. Clicking a button or entering a code informs Duo that you are a legitimate user of campus services. The process takes just a few clicks, taps, or keystrokes. Using the Duo phone app to verify is the fastest method. It works even without a wifi connection and in airplane mode,

What if I don’t want to use my phone for 2FA?

If an employee does not want to use a personal device, they may contact their manager about having their unit acquire a 2FA Token from the WebStore. You can learn more about tokens at https://answers.uillinois.edu/internal/page.php?id=72159

What if I’m off campus?

The UI Verify interface (https://identity.uillinois.edu) supports enrollment from off-campus if you have previously specified a secondary email account with the university. Contact consult@illinois.edu or 217-244-7000 for additional help with enrolling from off campus.

What if I don’t have Cellular or WiFi access?

The DUO mobile app, available for Apple and Android devices, works without any connectivity. You can replace your SIM card, change providers, turn on airplane mode, or travel internationally and the Duo App works. The common “Push” prompt won’t be available, but the App works by generating a short 6 digit code that you can type into the web application prompt.

What vendor can I use to purchase a token?

Only tokens purchased through Webstore (https://webstore.illinois.edu) are set up with the private identity and secret key specifically for the University’s 2FA service. The University has a tightly-controlled provisioning process with Yubikey in order to meet the University’s security needs. Only tokens purchased from the Webstore will work as your second factor.

While any staff or faculty member may purchase a token through Webstore, you may wish to check with your business or HR office for information regarding the process your unit or college is using to provision University-provided tokens to its employees.

What if I’m locked out?

The UI Verify interface (https://identity.uillinois.edu) allows you to set a recovery email address. It is recommend you set this to facilitate recovery. Temporary codes can be sent here in the event your phone is lost or you are otherwise unable to use your normal 2FA device. More information is available at, https://answers.uillinois.edu/internal/page.php?id=76500