Are you enrolled with Duo?
Visit https://identity.uillinois.edu/ to find out and to enable your device (mobile phone or token) and set preferences.
Protect your information with 2FA. Here’s the Why, When, and How.
UIS is continuing its efforts to protect valuable assets and access by requiring Two- Factor Authentication (2FA) on more systems and services in March 2021.
2FA already helps protects University applications such as Banner, Direct Deposit and other System HR resources. Before implementing 2FA, university payroll was a large target for attackers attempting to steal employee paychecks. Since implementing this technology, attacks on payroll customers have effectively vanished.
The Illinois System experiences about 750 compromised accounts each month. Looking at other academic institutions who have implemented 2FA across their services, it has been proven that compromised accounts can drop to nearly zero.
A password is no longer enough.
Attacks on accounts are increasingly sophisticated. 2FA helps to determine that you are who you say you are and are not someone with a stolen password.
Who and What is Covered by 2FA?
Currently, you are required to use 2FA if you access any of the following applications:
Enterprise applications such as Banner, HRFE/Paris, HR Reporting Portal, and iBuy
In March 2021, all Springfield campus faculty and staff will be required to use 2FA for services that are protected by Shibboleth and Office 365 (O365).
Shibboleth is used in front of applications such as Canvas, Box, LinkedIn Learning, Qualtrics, and all the apps running on apps.uis.edu (adviseu, attendance, time clock, course evaluations, parking permit, etc.)
O365 includes the Office online applications (Outlook online, Word online, SharePoint, OneNote, etc.) as well as the Office desktop apps such as Outlook, Teams, and more.
Note: Students are not required to use 2FA at this time unless they are enrolled in direct deposit.
How does 2FA work?
Duo Security is the campus provider of 2FA. Once you login with a NetID and password, Duo sends a request to confirm that you are who you say you are via mobile phone notification, phone call, or by another method such as a token. Clicking a button or entering a code informs Duo that you are a legitimate user of campus services. The process takes just a few clicks, taps, or keystrokes. Using the Duo phone app to verify is the fastest method. It works even without a wifi connection and in airplane mode.
What if I don’t want to use my phone for 2FA?
If an employee does not want to use a personal device, they may contact their manager about having their unit acquire a 2FA Token from the WebStore. You can learn more about tokens at https://answers.uillinois.edu/internal/page.php?id=72159
What if I don’t have Cellular or WiFi access?
The DUO mobile app, available for Apple and Android devices, works without any connectivity. You can replace your SIM card, change providers, turn on airplane mode, or travel internationally and the Duo App works. The common “Push” prompt won’t be available, but the App works by generating a short 6 digit code that you can type into the web application prompt.
What vendor can I use to purchase a token?
Only tokens purchased through the U of I Webstore are set up with the private identity and secret key specifically for the University’s 2FA service. The University has a tightly-controlled provisioning process with Yubikey in order to meet the University’s security needs. Only tokens purchased from the Webstore will work as your second factor.
What if I’m locked out?
The NetID Center allows you to set a recovery email address. It is recommended you set this to facilitate recovery. Temporary codes can be sent here in the event your phone is lost or you are otherwise unable to use your normal 2FA device. More information is available at, https://answers.uillinois.edu/internal/page.php?id=76500
Where can I find more information?
The 2FA Knowledge Base has many useful knowledge documents, troubleshooting tips, and frequently asked questions to assist both in signing up and understanding the 2FA service.