Two-Factor Authentication Resources
What is Two-Factor Authentication at NC State?
Two-factor authentication adds a layer of security in addition to your password when accessing your NC State Google account and Shibboleth-secured web-sites. The added security protects your accounts and data. Two-factor authentication is also referred to as “multi-factor” and “two-step” authentication or verification. Don’t let the terms confuse you – they all refer to adding an additional layer of security to your authentication process.
NC Sate OIT notified all faculty and staff (including student and no-pay employees) via email of the 2FA requirement on March 2, 2017. The deadline for enrollment is October 31, 2017. See https://oit.ncsu.edu/it-security/2fa/#learnmore for more information.
Where do I enroll? https://go.ncsu.edu/2fa
Here are some other sites that you may find helpful:
- NC State YouTube Videos for Duo https://www.youtube.com/playlist?list=PLZNiS4ptquOn_o8RkgL-OIfnRVB7vj-nd
- NC State YouTube Videos for Google 2-Step
What happens if you don’t get enrolled by the deadline or if you put off enrollment?
Many people are planning on waiting until the deadline or close to the deadline to enroll. This is a very bad plan. Most people at CVM who have enrolled so far, have done so without issue. Computing Resources staff have only had to assist a few people so far. We are not staffed – and neither is OIT – to assist a large number of people who wait to the last minute and the run into problems.
If you don’t enroll in 2FA for Google by 10/31/17, you will not have access to your email on November 1, 2017. You will have to work directly with OIT to get your account enabled and enrolled before you will be able to get email or access anything you may have in Google Drive, Sheets, etc. CVM Computing Resources staff WILL NOT have access to the tools necessary to enroll you or activate your account.
If you don’t enroll in Duo for Shibboleth by 10/31/17, you will have to enroll the first time you access a Shibboleth protected web site.
What are some common misconceptions and misinformation about 2FA?
You have to have a smart phone with data and/or texting plan.
- The authenticator apps do require a device (mobile/smart phone, tablet/ipad, etc) that will run them but they DO NOT require mobile data to generate an authentication code
- USB Security keys can be used as authenticating devices. These devices can be obtained from your departments.
- If you begin your Google enrollment by using your cell phone number and do not add the Google Authenticator app or a security key as a device, you have only setup texting to your phone as your authentication method. This is not recommended and can be unreliable in areas of poor cell reception or overseas.
You have to authenticate everytime you login.
- The authenticator screens for both Duo and Google have a check box you can use to “remember this device for 30 days”.
- You will have to authenticate on each new device you use to check your email (or access Shibboleth web sites).
What kind of problems could you have during enrollment?
What we have seen as the most common problems so far are:
- Password and UIA (security question) issues. Your Google password and your Unity passwords are not synced.
- Mobile devices are not up to date. Android and IOS devices should be running the most current operating system they can handle to avoid compatibility issues with the mobile authenticator apps.
- Security keys work with Chrome not Internet Explorer. Firefox requires plug-ins and still may have problems. So check your email and Google apps with Chrome.
- Chrome must be current. CVM PCs will have the current versions. CVM Apple computers may need to be upgraded with a current version.