WHAT IS 2-FACTOR AUTHENTICATION (2FA)?
• Something you know (password, PIN, etc.)
• Some physical characteristic of the individual (fingerprint, voice, heart rate, etc.)
• Some physical object you control (token, key, bank card, etc.)
2-factor authentication (2FA) is an extra layer of security protection for your sensitive, personal university data.
1 OF 3 EMAILS SENT TO USERS:
2FA AUTHENTICATED
Our records indicate that you have access to Banner Forms and you have authenticated your 2-Factor Authentication (2FA) account. On September 24, 2017, we are implementing two-factor authentication (2FA) for Banner administrative forms for both on and off campus networks. This means, when you login to Banner Forms, you will also need to authenticate with 2FA.
What is 2FA?
Two-factor authentication provides protection for sensitive data by requiring something you know (your NetID and password) and something you have (a hardware token or a mobile device). Without 2FA, the University of Illinois System is at risk of data breaches that could result in financial theft. You can learn more about 2FA with this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id=65937 (login required).
How do I review my 2FA access?
You can review your 2FA access at https://verify.uillinois.edu/. You will need your 2FA token device or your mobile device to review your access. You can learn more about 2FA token devices here: https://verify.uillinois.edu/secure/using-tokens.php. Review of your 2FA access should take less than 5 minutes. You will need to login and verify that your contact information is correct.
For more information on 2FA, go to https://verify.uillinois.edu/. Additional questions concerning the 2FA project can be directed to me, your University Security Officer (UIC - Ed Zawacki, UIS - Clayton Bellot, Urbana - Joe Barnes and System Office - Chris Barton) or the AITS Service Desk - https://www.aits.uillinois.edu/get_help.
If you no longer need access to Banner forms, please contact your Unit Security Contact (USC) to have your access removed. You can find your USC here: https://www.aits.uillinois.edu/access/find_my_usc
Thanks,
Mark Pollard
AITS
A series of 3 letters went out to our users.
1 OF 3 EMAILS SENT TO USERS:
2FA NO AUTHENTICATE
• Our records indicate that you have access to Banner Forms, but you have not yet authenticated your 2-Factor Authentication (2FA) account. On September 24, 2017, we are implementing two-factor authentication (2FA) for Banner administrative forms for both on and off campus networks. This means, if you do not authenticate your 2FA account, you will not be able to login to Banner on Monday, September 25.
• What is 2FA? Two-factor authentication provides protection for sensitive data by requiring something you know (your NetID and password) and something you have (a hardware token or a mobile device). Without 2FA, the University of Illinois System is at risk of data breaches that could result in financial theft. You can learn more about 2FA with this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id=65937
• How do I authenticate my 2FA account? You can learn how to authenticate your 2FA account with this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id=65941. To authenticate your 2FA account, you will need your 2FA token device or your mobile device. You can learn more about 2FA token devices here: https://verify.uillinois.edu/secure/using-tokens.php. 2FA Authentication should take less than 5 minutes.
• For more information on 2FA, go to https://verify.uillinois.edu/. Additional questions concerning the 2FA project can be directed to me, your University Security Officer (UIC - Ed Zawacki, UIS - Clayton Bellot, Urbana - Joe Barnes and System Office - Chris Barton) or the AITS Service Desk - https://www.aits.uillinois.edu/get_help
• If you no longer need access to Banner forms, please contact your Unit Security Contact (USC) to have your access removed. You can find your USC here: https://www.aits.uillinois.edu/access/find_my_usc
1 OF 3 EMAILS SENT TO USERS:
NO 2FA
Our records indicate that you have access to Banner Forms, but you have not enrolled in 2-Factor Authentication (2FA). On September 24, 2017, we are implementing two-factor authentication (2FA) for Banner administrative forms for both on and off campus networks. This means, if you do not enroll in 2FA, you will not be able to login to Banner on Monday, September 25.
What is 2FA?
Two-factor authentication provides protection for sensitive data by requiring something you know (your NetID and password) and something you have (a hardware token or a mobile device). Without 2FA, the University of Illinois System is at risk of data breaches that could result in financial theft. You can learn more about 2FA with this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id=65937
How do I enroll in 2FA from a University Network?
You can enroll in 2FA at https://verify.uillinois.edu/. You will need your 2FA token device or your mobile device to complete your registration. You can learn more about 2FA token devices here: https://verify.uillinois.edu/secure/using-tokens.php. Enrollment should take less than 5 minutes. If you need some assistance enrolling, you should read the Self Enrollment Guide found in this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id=65947
How do I enroll in 2FA when I am not on a University Network?
You must first call the AITS ServiceDesk at 217-333-3102 (Urbana or Springfield) or 312-996-4806 (Chicago). You will need to tell them that you want an enrollment code to enroll in 2FA. You will have to answer a few questions to verify that you are who you say you are. You will also need your 2FA token device or your mobile device to complete your registration. You can learn more about 2FA token devices here: https://verify.uillinois.edu/secure/using-tokens.php. Once you have both your code and device, you can enroll in 2FA at https://verify.uillinois.edu/.
If you need some assistance enrolling, you should read the Self Enrollment Guide found in this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id=65947.
For more information on 2FA, go to https://verify.uillinois.edu/. Additional questions concerning the 2FA project can be directed to me, your University Security Officer (UIC - Ed Zawacki, UIS - Clayton Bellot, Urbana - Joe Barnes and System Office - Chris Barton) or the AITS Service Desk - https://www.aits.uillinois.edu/get_help
If you no longer need access to Banner forms, please contact your Unit Security Contact (USC) to have your access removed. You can find your USC here: https://www.aits.uillinois.edu/access/find_my_usc
HOW DOES 2FA WORK?
• With 2FA, you need both:
• “something you know” (NetID/password) along with
• “something you possess” (hardware token, passcode, phone, or message from a device you have set up with Duo).
When you log in to a system requiring 2FA, you will need to authenticate that it is you with a passcode, phone call or text message on the device you set up with Duo.
WHY TWO-FACTOR AUTHENTICATION
• Two-factor authentication (2FA) is one of the best ways to protect against remote attacks such as phishing, credential exploitation, and other attempts to take over your accounts.
• Without your physical device, remote attackers can’t pretend to be you in order to gain unauthorized access to corporate networks, personally identifiable information, electronic protected health information, financial information, etc.
• 2FA provides a second layer of security to your University account, making it difficult for an unauthorized person to access your information, and provides better account protection.
• If your password is stolen or compromised, having 2FA set up will require the thief to also have possession of your registered device in order to access your account.
2FA will protect both you and the university from unauthorized access to your personal data stored in the university's enterprise systems.
WHAT SYSTEM IS USED FOR 2FA?
• The University of Illinois has selected Duo, an industry leader in cyber security services, to provide 2-factor authentication (2FA) services. It is a cloud based service that will help secure your account and the University’s sensitive data. The initiative for using 2FA at the University has been branded UI Verify.
Duo authentication will be required for applications:
• NESSIE
• Direct Deposit
• W-4
• Benefits and Earning statements
• W-2/1042-S Tax Statement
• EIF
• Loan Default
• TDRP
• LTD
• Civil Service Appointment Information
• Employment Verification
• NOA
• Transit Benefit
• Child Tuition Waiver
• Employee Tuition Waiver
• Shared Benefits
• ANCRA Training
WHEN DO I NEED TO USE 2FA?
• Banner Forms
• PARIS
• HRFE
• Any University Sensitive Data
• NetID and Password Changes
• 2FA is now required for all users accessing Nessie Direct Deposit or if you are accessing any University sensitive data.
• Now that University direct deposit and W2 are protected, where will attackers turn next?
USING 2-FACTOR AUTHENTICATION (2FA)
• With UI Verify, to log in to University systems you will need two pieces of information: your NetID password, PLUS a generated code or message from a device that you have set up as your second factor.
• You have several options for your 2FA device:
• Install the DUO Security application on your personal smartphone.
• Use a non-University phone to receive texts or calls with a code.
• Use a University hardware token to generate a code, which can be purchased through the WebStore by your department.
HOW TO GET STARTED-
Go to: verify.uillinois.edu
CIS has posted instructions and tutorial videos on our website (http://peoria.medicine.uic.edu/cis/2fa/) to help users understand the enrollment process and how to authenticate using 2FA.
Users will see this page after going to verify.uillinois.edu. We recommend that you click on "Get Started"; you will still be prompted to select your Chicago Campus Site, and then a login screen will appear for you to log in.
You will either first see the option box to pick the UIC campus or, if you have already enrolled, you will go straight to this screen to input your username and password.
If you’re set up and you click on “call me”, it will send a message to your personal device and then it will ask you to enter a number if you generated the call; otherwise, hang up.
If you are not set up, you can view a short video for instructions on how to enroll.
If you are enrolled in 2FA and you have followed the instructions from the phone call that you received on your personal device, you will see the screenshot on your PC.
So if your authentication was successful, you can log out and you are done. If you need to enroll an additional device, purchase a token, or choose to add the mobile app, there are more steps to take.
2FA – Self Enrollment Process
1. For your 1st visit, go to the UI-Verify site: https://verify.uillinois.edu
2. Click the Get Started button, choose your campus and login with your NetID and Password.
3. Next click on Start Setup and choose what kind of device you want to enroll; on the UI Verify: Managing Devices Screen, you will select your device. When registering a landline or mobile phone you will need to confirm your non-university phone number.
4. The next step will ask you what type of device it is and then it will ask you to download the Duo Mobile app.
5. CIS has listed a short video of the process on their Website at http://peoria.medicine.uic.edu/cis/2fa/
If you see the screen below, you already have a phone number enrolled in Duo. This may happen automatically if you have a phone number registered as a password manager recovery option, or in the campus emergency alert system. To register your smartphone or add another device, click Add a new device.
You may want to add another device if you worry about losing your 1st device that is set up as your default device. The next slides will help you do that.
2FA - ADDING A DEVICE TO DUO
• We recommend adding a mobile phone as your primary device. This will allow you to use the Duo Mobile app for the best experience.
• Adding at least two devices is recommended; if you have only one device defined and it is lost or disabled, you will not be able to access the system.
• After clicking Add a new device, choose the type of device you are adding.
For simple voice or text message verification, choose Other as your phone type. Otherwise, to use the Duo Mobile app on your device, choose your device manufacturer. Then click Continue.
IF YOU HAVE NOT INSTALLED THE DUO MOBILE FOR YOUR DEVICE, DO IT NOW. OTHERWISE, CLICK THE I HAVE DUO MOBILE INSTALLED BUTTON. (THE APP CAN BE FOUND THROUGH THE APP STORE FOR APPLE PRODUCTS AND THROUGH THE PLAY STORE FOR ANDROID PRODUCTS.)
In your device’s app store, search for Duo Mobile.
The mobile app will look like what is shown below.
1. Download the app.
2. Launch the Duo Mobile app.
3. If the Duo Mobile app requests permission to send you notifications, we recommend allowing this.
4. You may need to accept the License Agreement before continuing for the first time.
We recommend you use a smartphone as a primary 2FA device. The Duo Mobile App allows you to approve your connections at any time with just a swipe and a click of your phone.
A QR CODE WILL APPEAR FOR USE TO CONNECT YOUR DEVICE TO DUO. THE NEXT STEP WILL BE TO ADD AN ACCOUNT THROUGH THE APP AND ALLOW IT TO USE YOUR CAMERA TO SCAN THE ACTIVATION CODE ON THE SCREEN. IF YOU DON’T WANT TO USE YOUR CAMERA, YOU CAN HAVE IT EMAILED TO YOU.
ANOTHER OPTION IS USING 2FA TOKENS
• Hardware tokens are small, portable devices that you can use to generate an authorization code. Tokens are a good choice if you cannot or do not want to use your personal device for 2FA. Your dept. can purchase one of two University-approved devices from the University Webstore:
• The OTP C100 token ($10) is a small device that can be attached to a keyring. It has a single button that you press to generate a passcode that you can manually enter into the 2FA screen when prompted.
• The Yubikey ($35) is a small USB device that you insert into your computer. You can click a button on the token to generate and automatically enter a code into your 2FA screen.
Using tokens
• Once you've obtained your token, connect your device with your UI Verify account by registering your device's ID number. Follow the instructions provided with your token to find the registration number.
TOKENS THAT CAN BE PURCHASED THROUGH THE WEBSTORE (DEPT. PURCHASE FOR UNIVERSITY PROPERTY)
University 2FA OTP Token: $10.00 (prices may change)
University 2FA YubiKey Token: $35.00 (prices may change)
Two Factor Authentication (2FA) OTP token is a University approved device that is programmed to work with the University’s 2FA solution and used in combination with your username/password to prove your identity.
A 2 Factor Authentication (2FA) YubiKey token is a University approved USB device that is programmed to work with the University’s 2FA solution and used in combination with your username/password to prove your identity.
How to Associate with your University Identity
Once a token is purchased, and before it can be used with 2FA, it must be associated with a University identity. To learn how to associate a token to your identity refer to: https://answers.uillinois.edu/internal/2fa-token
“HOW WILL I DO MY JOB IF I FORGET MY PHONE OR TOKEN AT HOME?”
Temporary Codes
• Option 1: Call Service Desk to request a temporary code
• Option 2: Temporary Codes via email (must setup non-University email address in advance)
• Limit 12 temporary codes per person per calendar year
For Assistance:
• Chicago: (312) 413-0003 or [email protected]
• Springfield: (217) 206-6000
• Urbana: (217) 244-7000
• System Offices: (217) 333-3102