Beginning in May 2018, OIT will activate a product called Duo Two-Factor Authentication to increase the security of your CGU login credentials. Two-factor authentication provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your username and password.
By requiring two different channels of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords. As you are aware, security breaches based on compromised usernames and passwords have been on the increase, some as a result of phishing emails. You can learn more about two-factor authentication by watching this YouTube video.
During the initial phase in May, Duo security will only be in effect when logging into Workday, Kronos, Library, and Axiom applications. During the second phase on a future date yet to be determined, Email, PeopleSoft and other applications will be protected by Duo.
Multifactor authentication (MFA) is a process that requires additional steps to prove the identity of the person logging into a system. There are three types of factors:
At CGU we will use the first two factors for authentication. First you will log into systems as usual with your CGU login credentials. Then you will authenticate your identity using a device such as a mobile phone. A number of device options are available (described below).
Phishing and brute force attacks are increasing exponentially, and so are the risks that your credentials may be stolen and your passwords compromised. Duo provides a second layer of protection beyond your password, to ensure that every login from every device is legitimate. This helps us protect you, your work and CGU.
You will need to enroll in Duo if you use a CGU application or service that requires it, such as Workday. It takes less than five minutes to enroll.
An individual who is enrolled in Duo will use both their password and a device such as a mobile phone or landline phone when logging into Duo-enabled systems with their CGU login credentials.
If you login fresh to an application, then you will receive a prompt every time you login. However, you can set Duo to remember you for 7 days on a given application and device. You would still get your password prompt, but not the Duo prompt.
Once Duo is completely rolled out, all CGU staff (including classified and salaried staff, temporary, part-time and full-time faculty, visiting scholars, and anyone else with access to DUO-secured resources) will be required to use it for systems and applications where it has been enabled.
Supported devices include:
You do not need to have a mobile device to use Duo. Landlines (like an office or home phone) can be used to authenticate via a phone call.
You may enroll as many devices as you want. In fact, we recommend enrolling multiple devices.
Even if your mobile device does not support the Duo application, you can still use your device to receive phone calls for Duo authentication.
Yes. Landlines and mobile devices can be shared by multiple individuals. This may be common in shared office environments or family members who share a home phone number.
Yes. Keeping the Duo app up-to-date ensures that any bugs or security vulnerabilities are resolved as quickly as possible.
While authenticating with Duo through a web browser, you may see a "Remember me for 7 days" option. If the computer is not a shared or public machine, you can enable this option. This will remain in effect as long as you are authenticating on the same computer and browser and do not clear browser cookies.
If you configured Duo to automatically call your phone or send you a push notification, the "Remember me for 7 day" option may be grayed out or hidden when the Duo prompt first appears. You must click "Cancel" on the blue bar, and repeat the authentication process to access the "Remember me" checkbox.