Two-Factor Authentication (2FA)


Illinois uses the Duo 2FA service to help protect data with Two-Factor Authentication.

Are you enrolled with Duo?
Visit to find out and to enable your device (mobile phone or token) and set preferences.


Protect your information with 2FA. Here's the why, when, and how.

The university is continuing its efforts to protect valuable assets and access by requiring Two- Factor Authentication (2FA) on more systems and services in Fall 2018.



Why 2FA?

It works.
2FA already protects NESSIE. Targeted attacks were made in the past against university payroll in attempts to steal paychecks. Since implementing this technology, attacks on payroll customers have effectively vanished. 

Illinois experiences about 700 compromised accounts each month. Other Big Ten institutions added 2FA across their services, dropping their rates of compromised accounts to nearly zero.

A password is no longer enough.
Attacks on accounts are increasingly sophisticated. 2FA helps to determine that you are who you say you are and are not someone with a stolen password.


Who and What is Covered by 2FA?

Currently, you are required to use 2FA if you access any of the following applications:

  • Enterprise applications such as Banner, HRFE/Paris, HR Reporting Portal, and iBuy
  • Direct deposit

In additional, all Urbana campus faculty, staff, and graduate students are required to use 2FA for services that are protected by Shibboleth and ADFS, including Office 365 and Outlook Online, Compass 2G, U of I Box, LinkedIn Learning, and Learn@Illinois (Moodle).

Undergraduate students are not required to enroll in 2FA at this time unless you are enrolled in direct deposit.

Note: Once enrolled, you will not be able to remove this feature from your account. Certain applications may require 2FA and more applications may be protected moving forward.


How does 2FA work?

Duo Security is the campus provider of 2FA. Once you login with a NetID and password, Duo sends a request to confirm that you are who you say you are via mobile phone notification, phone call, or by another method such as a token. Clicking a button or entering a code informs Duo that you are a legitimate user of campus services. The process takes just a few clicks, taps, or keystrokes. Using the Duo phone app to verify is the fastest method. It works even without a wifi connection and in airplane mode,


What if I don’t want to use my phone for 2FA?

If an employee does not want to use a personal device, they may contact their manager about having their unit acquire a 2FA Token from the WebStore. You can learn more about tokens at


What if I’m off campus?

The UI Verify interface ( supports enrollment from off-campus if you have previously specified a secondary email account with the university. Contact or 217-244-7000 for additional help with enrolling from off campus.


What if I don’t have Cellular or WiFi access?

The DUO mobile app, available for Apple and Android devices, works without any connectivity. You can replace your SIM card, change providers, turn on airplane mode, or travel internationally and the Duo App works. The common “Push” prompt won’t be available, but the App works by generating a short 6 digit code that you can type into the web application prompt.


What vendor can I use to purchase a token?

Only tokens purchased through Webstore ( are set up with the private identity and secret key specifically for the University’s 2FA service. The University has a tightly-controlled provisioning process with Yubikey in order to meet the University’s security needs. Only tokens purchased from the Webstore will work as your second factor.

While any staff or faculty member may purchase a token through Webstore, you may wish to check with your business or HR office for information regarding the process your unit or college is using to provision University-provided tokens to its employees.


What if I’m locked out?

The UI Verify interface ( allows you to set a recovery email address. It is recommend you set this to facilitate recovery. Temporary codes can be sent here in the event your phone is lost or you are otherwise unable to use your normal 2FA device. More information is available at,