Two-factor Authentication Frequently Asked Questions
Q. How do I get started?
A. Instructions are available here: https://inside.ewu.edu/2fa/
Q. What is two-factor authentication?
A. two-factor authentication adds an extra layer of security on your account by requiring you to have something you know (username and password) and something you have (e.g., cell phone or hardware token). When applications and services require two-factor, it will prevent anyone but you from accessing using your account, even if someone else knows your password.
Two-factor requires a unique security code each time your account is accessed on an untrusted device, application or web browser.
EWU has licensed Duo for two-factor authentication.
Q. Why is EWU requiring this for employees?
A. Unfortunately, account compromises and malicious attacks have become more numerous and frequent at EWU. Passwords alone no longer provide a sufficient degree of safety. If your EWU account is "hacked", criminals will have access to your personal information and everything in your Office 365 Account, your Banner account, and all the online services of InsideEWU. Most credential breaches can be stopped by two-factor authentication.
In addition, compliance and regulatory concerns are compelling us to implement two-factor authentication.
Q. Who else uses two-factor authentication?
A. The use of two-factor authentication is quickly becoming the norm for most universities and colleges. In addition, federal and state governments have mandated two-factor authentication use for years. Regionally, schools like the University of Idaho, Washington State University, and Central Washington University already require it or soon will. The state of Washington requires two-factor authentication for most of their agency systems and all remote access. Nationally, schools like Notre Dame, Penn State, the University of Nebraska, Michigan State and the University of Minnesota, and many others already require it.
The Department of Education is considering requiring two-factor authentication for schools to continue receiving federal financial aid.
Q. What are the benefits of using two-factor?
A. The main benefit of using two-factor Authentication is a significant increase in protection of your account. If you receive a security code or push notification when you are not trying to log in to your account, you’ll immediately know that someone else is attempting to do so. If this does happen, you should change your password and contact the EWU Information Technology department!
- Two-factor adds an extra barrier between your personal information and the bad guys.
- Two-factor can help keep attackers from accessing your email, documents, payroll, personal information, or research data.
- Two-factor reduces the risk of hackers using your EWU account to perform harmful activities.
- Two-factor helps protect EWU's systems
Q. I don't have anything confidential in my account, why should I care about two-factor authentication?
A. Most attackers are interested in using your username and password to break into the secure internal network so that they can look for vulnerabilities on the thousands of sensitive internal systems on campus. Alternately, attackers will login to a user’s email account and send out hundreds or thousands of phishing messages to other faculty, staff and students in an attempt to compromise their computers and get access to sensitive information. Another very common tactic is for hackers to alter your direct deposit information so your paycheck or, if you are student, financial aid is deposited in their account instead.
Q. What services will be affected by implementing two-factor authentication?
A. Duo protects services that you log in through InsideEWU, including Office 365, Google Workspace, Canvas, Banner and Eaglenet. Duo protection has also been added to select services like VPN.
Q. Can I also enable 2-Step Verification for Office 365?
A. No, they are not compatible services.
Q. Can I also enable 2-Step Verification for Google Workspace?
A. Yes. Enabling 2-Step verification for Google Workspace will provide additional protection for services like Google Drive, Docs, YouTube, etc.
Q. Do I have to use a mobile device?
A. There are several methods that can be used, including a mobile device app, SMS text message, and voice phone call options. While using a mobile device is most convenient option and the one that most users prefer, faculty, staff, and students may request a hardware token instead. Replacement costs for lost or stolen tokens are the responsibility of the student or department.
Q. Can I use Duo without downloading the DUO mobile app?
A. Yes, you can. If you do not want to download and use the DUO mobile app on your smartphone, you can specify this during the device enrollment process. You must choose "other" when selecting the smartphone's operating system.
Q. Does EWU gain control of my personally-owned mobile device once I enable Duo?
A. No! By installing Duo on your mobile device, you do not provide EWU with any additional ability to access your device or monitor your personal activity.
Q. Does installing or using Duo with my personally-owned mobile device comply with state ethics laws?
A. Yes! No university or state-owned information is stored in Duo.
Q. Are there record retention requirements if I install or use Duo with my personally-owned mobile device?
A. No! All records and logs are stored in the Duo service, not your mobile device. This is one of the reasons that the service is so secure.
"If you use Duo Mobile, there is no data stored on your smartphone or tablet. Period. We use Duo Mobile because it’s simple and secure, and one of the reasons for this is it creates no records on your personal device.
If you receive phone callbacks, there is no data on your phone and you can delete the metadata from your phone’s history of recent incoming calls because it’s transitory and the administrative purpose is fulfilled as soon as you’ve completed the call.
In each case, the result is the same: no data related to 2FA on your device that’s subject to disclosure."
Q. Who is eligible at EWU to use two-factor authentication?
A. All faculty, staff, and students.
Q. I have more questions. How can I learn more about two-factor authentication?
A. Please check our two-factor site at https://inside.ewu.edu/2fa/ or check out these additional articles in our knowledgebase:
If you have additional questions that are not answered in these articles, please contact the IT Help Desk (509.359.2247), email@example.com.