Q. What is two-factor authentication?
A. two-factor authentication adds an extra layer of security on your account by requiring you to have something you know (username and password) and something you have (e.g., cell phone or hardware token). When applications and services require two-factor, it will prevent anyone but you from accessing using your account, even if someone else knows your password.
Two-factor requires a unique security code each time your account is accessed on an untrusted device, application or web browser.
EWU has licensed Duo for two-factor authentication.
Q. Why is EWU implementing this?
A. Unfortunately, account compromises and malicious attacks have become more numerous and frequent at EWU. Passwords alone no longer provide a sufficient degree of safety. If your EWU account is "hacked", criminals will have access to your personal information and everything in your Office 365 Account, your Banner account, and all the online services of InsideEWU. Most credential breaches can be stopped by two-factor authentication.
In addition, compliance and regulatory concerns are compelling us to implement two-factor authentication.
Q. What are the benefits of using two-factor?
A. The main benefit of using two-factor Authentication is a significant increase in protection of your account. If you receive a security code or push notification when you are not trying to log in to your account, you’ll immediately know that someone else is attempting to do so. If this does happen, you should change your password and contact the EWU Information Technology department!
- Two-factor adds an extra barrier between your personal information and the bad guys.
- Two-factor can help keep attackers from accessing your email, documents, payroll, personal information, or research data.
- Two-factor reduces the risk of hackers using your EWU account to perform harmful activities.
- Two-factor helps protect EWU's systems
Q. I don't have anything confidential in my account, why should I care about two-factor authentication?
A. Most attackers are interested in using your username and password to break into the secure internal network so that they can look for vulnerabilities on the thousands of sensitive internal systems on campus. Alternately, attackers will login to a user’s email account and send out hundreds or thousands of phishing messages to other faculty, staff and students in an attempt to compromise their computers and get access to sensitive information.
Q. What services will be affected by implementing two-factor authentication?
A. Duo protects services that you log in through InsideEWU, including Office 365, G Suite, Canvas, Banner and Eaglenet. Duo protection has also been added to select services like VPN.
Q. Can I also enable 2-Step Verification for Office 365?
A. No, they are not compatible services.
Q. Can I also enable 2-Step Verification for G Suite?
A. Yes. Enabling 2-Step verification for G Suite will additional protection for services like Google Drive, Docs, YouTube, etc.
Q. Do I have to use a mobile device?
A. There are several methods that can be used, including a mobile device app, SMS text message, and voice phone call options. While using a mobile device is most convenient option and the one that most users prefer, faculty and staff may request a hardware token instead. Replacements for lost or stolen tokens will be charged to the user's department. Students must purchase their own tokens.
Q. Can I use Duo without downloading the DUO mobile app?
A. Yes, you can. If you do not want to download and use the DUO mobile app on your smartphone, you can specify this during the device enrollment process. You must choose "other" when selecting the smartphone's operating system.
Q. Does EWU gain control of my personally-owned mobile device once I enable Duo?
A. No! By installing Duo on your mobile device, you do not provide EWU with any additional ability to access your device or monitor your personal activity.
Q. Does installing or using Duo with my personally-owned mobile device comply with state ethics laws?
A. Yes! No university or state-owned information is stored in Duo.
Q. Are there record retention requirements if I install or use Duo with my personally-owned mobile device?
A. No! All records and logs are stored in the Duo service, not your mobile device. This is one of the reasons that the service is so secure.
Q. Who is eligible at EWU to use two-factor authentication?
A. All faculty and staff. At present time, we have not licensed Duo for students.
Q. How do I get started?
A. Instructions are available in our knowledgebase.