Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.

2FA is implemented to better protect both a user's credentials and the resources the user can access. Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically, a password or passcode. Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan.

Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because, even if the victim's password is hacked, a password alone is not enough to pass the authentication check.

Two-factor authentication has long been used to control access to sensitive systems and data. Online service providers are increasingly using 2FA to protect their users' credentials from being used by hackers who stole a password database or used phishing campaigns to obtain user passwords.

University of Illinois uses the Duo 2FA service to help protect data with Two-Factor Authentication.

Are you enrolled with Duo?

Visit Identity.uillinois site to find out and to enable your device (mobile phone or token) and set preferences.

Protect your information with 2FA. Here’s the Why, When, and How.

UIS is continuing its efforts to protect valuable assets and access by requiring Two- Factor Authentication (2FA) on more systems and services in March 2021.

Why 2FA?

It works.

2FA already helps protects University applications such as Banner, Direct Deposit and other System HR resources. Before implementing 2FA, university payroll was a large target for attackers attempting to steal employee paychecks. Since implementing this technology, attacks on payroll customers have effectively vanished.

The Illinois System experiences about 750 compromised accounts each month. Looking at other academic institutions who have implemented 2FA across their services, it has been proven that compromised accounts can drop to nearly zero.

A password is no longer enough.

Attacks on accounts are increasingly sophisticated. 2FA helps to determine that you are who you say you are and are not someone with a stolen password.

Who and What is Covered by 2FA?

Currently, you are required to use 2FA if you access any of the following applications:

Enterprise applications such as Banner, HRFE/Paris, HR Reporting Portal, and iBuy

Direct deposit

UIS VPN [Cisco Anyconnect]

On December 13, 2022 Students will be required to use 2FA for services at UIS that are protected by Shibboleth and Office 365.

In March 2021, all Springfield campus faculty and staff will be required to use 2FA for services that are protected by Shibboleth and Office 365 (O365).

Shibboleth is used in front of applications such as Canvas, Box, LinkedIn Learning, Qualtrics, and all the apps running on (adviseu, attendance, time clock, course evaluations, parking permit, etc.)

O365 includes the Office online applications (Outlook online, Word online, SharePoint, OneNote, etc.) as well as the Office desktop apps such as Outlook, Teams, and more.

How does 2FA work?

Duo Security is the campus provider of 2FA. Once you login with a NetID and password, Duo sends a request to confirm that you are who you say you are via mobile phone notification, phone call, or by another method such as a token. Clicking a button or entering a code informs Duo that you are a legitimate user of campus services. The process takes just a few clicks, taps, or keystrokes. Using the Duo phone app to verify is the fastest method. It works even without a wifi connection and in airplane mode.

What if I don’t want to use my phone for 2FA?

If an employee does not want to use a personal device, they may contact their manager about having their unit acquire a 2FA Token from the WebStore. Learn more about tokens.

What if I don’t have Cellular or WiFi access?

The DUO mobile app, available for Apple and Android devices, works without any connectivity. You can replace your SIM card, change providers, turn on airplane mode, or travel internationally and the Duo App works. The common “Push” prompt won’t be available, but the App works by generating a short 6 digit code that you can type into the web application prompt.

What vendor can I use to purchase a token?

Only tokens purchased through the U of I Webstore are set up with the private identity and secret key specifically for the University’s 2FA service. The University has a tightly-controlled provisioning process with Yubikey in order to meet the University’s security needs. Only tokens purchased from the Webstore will work as your second factor.

What if I’m locked out?

The NetID Center allows you to set a recovery email address. It is recommended you set this to facilitate recovery. Temporary codes can be sent here in the event your phone is lost or you are otherwise unable to use your normal 2FA device. Learn more about 2FA.

Where can I find more information?

The 2FA Knowledge Base has many useful knowledge documents, troubleshooting tips, and frequently asked questions to assist both in signing up and understanding the 2FA service.