Two-Factor Authentication (2FA)

GET ADDITIONAL PROTECTION FOR YOUR DATA!

Illinois uses the Duo 2FA service to help protect data with Two-Factor Authentication.

Start using 2 Factor Authentication now. 

1. Check. 
Are you enrolled with Duo?
Visit https://verify.uillinois.edu/ to find out and to enable your device (mobile phone or token) and set preferences. 

2. Opt in to use 2FA before mandatory enrollment.
After enrolling and confirming devices, opt-in by completing this form:

Sign Up Button to opt into 2FA
https://go.illinois.edu/2fa-optin

We will enable 2FA for you. Once enabled, Duo will appear on your login screen after you enter a NetID and password.

 

Protect your information with 2FA. Here's the why, when, and how.

The university is continuing its efforts to protect valuable assets and access by requiring Two- Factor Authentication (2FA) on more systems and services in Fall 2018.

 

 

Why 2FA?

It works.
2FA already protects NESSIE. Targeted attacks were made in the past against university payroll in attempts to steal paychecks. Since implementing this technology, attacks on payroll customers have effectively vanished. 

Illinois experiences about 700 compromised accounts each month. Other Big Ten institutions added 2FA across their services, dropping their rates of compromised accounts to nearly zero.

A password is no longer enough.
Attacks on accounts are increasingly sophisticated. 2FA helps to determine that you are who you say you are and are not someone with a stolen password.

What is the 2FA Timeline?

  • Everyone was able to opt-in from April-September 2018. Undergraduates can continue to opt-in after September.
  • Graduate students will be required to use 2FA starting in October 2018 and are being enrolled throughout the month.
  • Staff and faculty will be required to use 2FA starting in November 2018.

Who and What is Covered by 2FA?

There are multiple authentication systems on campus. The main ones which will be covered by 2FA are Shibboleth, Office 365, and some SiteMinder applications. This covers hundreds of applications but some of the most prominent are Compass2g (blackboard), Box, Lynda.com, and learn@illinois (Moodle).  

How does 2FA work?

Duo Security is the campus provider of 2FA. Once you login with a NetID and password, Duo sends a request to confirm that you are who you say you are via mobile phone notification, phone call, or by another method such as a token. Clicking a button or entering a code informs Duo that you are a legitimate user of campus services. The process takes just a few clicks, taps, or keystrokes. Using the Duo phone app to verify is the fastest method. It works even without a wifi connection and in airplane mode,

How Do I Opt-In for 2FA before mandatory enrollment?

If you have already enrolled in Duo, you do not need to enroll again. 

Those already enrolled should confirm their 2FA self-recovery options, such as a back-up non-University email. Instructions for that can be found at https://answers.uillinois.edu/internal/page.php?id=76500

To enroll in Duo for the first time visit https://verify.uillinois.edu/

The verify website also provides information about downloading the Duo mobile app.
Find a self-enrollment guide at https://answers.uillinois.edu/internal/page.php?id=65947

Once you have enrolled in Duo and downloaded the app, complete a 2FA opt-in form at https://go.illinois.edu/2fa-optin.

What if I don’t want to use my phone for 2FA?

If an employee does not want to use a personal device, they may contact their manager about having their unit acquire a 2FA Token from the WebStore. You can learn more about tokens at https://answers.uillinois.edu/internal/page.php?id=72159

What if I’m off campus?

The UI Verify interface (https://verify.uillinois.edu) supports enrollment from off-campus if you have previously specified a secondary email account with the university. Contact consult@illinois.edu or 217-244-7000 for additional help with enrolling from off campus.

What if I don’t have Cellular or WiFi access?

The DUO mobile app, available for Apple and Android devices, works without any connectivity. You can replace your SIM card, change providers, turn on airplane mode, or travel internationally and the Duo App works. The common “Push” prompt won’t be available, but the App works by generating a short 6 digit code that you can type into the web application prompt.

What vendor can I use to purchase a token?

Only tokens purchased through Webstore (https://webstore.illinois.edu) are set up with the private identity and secret key specifically for the University’s 2FA service. The University has a tightly-controlled provisioning process with Yubikey in order to meet the University’s security needs. Only tokens purchased from the Webstore will work as your second factor.

While any staff or faculty member may purchase a token through Webstore, you may wish to check with your business or HR office for information regarding the process your unit or college is using to provision University-provided tokens to its employees.

What if I’m locked out?

The UI Verify interface (https://verify.uillinois.edu) allows you to set a recovery email address. It is recommend you set this to facilitate recovery. Temporary codes can be sent here in the event your phone is lost or you are otherwise unable to use your normal 2FA device. More information is available at, https://answers.uillinois.edu/internal/page.php?id=76500