What is Duo Two-Factor Authentication?
Two-factor authentication (2FA) helps ensure that no one besides you can access your account. It adds a second level of security to the authentication or login process. 2FA is commonly referred to as “Something you have and something you know” as you need to “have” your smartphone, landline, or cellphone with you and “know” your standard username and password. A user must provide the correct password and also confirm (via an app on a smartphone, receiving a phone call, text message, etc.) that they are who they say they are before being granted access. You may have worked with something like this before if you do any online banking - as many banking websites now send you a text or make a call to verify your identity in addition to requiring a password.
Why is SU Using Duo Two-Factor Authentication?
SU is improving security to help prevent account theft and theft of personal information. Having only a password between the user and critical data is no longer enough. Currently, 2FA is being applied to the PeopleSoft Financials system, but plans include 2FA being used for all confidential and sensitive system access on campus. For these systems, SU will begin requiring the use of a "second factor" in addition to your NetID password during the login process. Users will use something called "Duo" to authenticate. You will use an app on your smartphone, or receive a text on your regular cellphone, or get a call on a landline as the "second factor" to allow you into the system. You will register these numbers ahead of time, and no one will be able to log into your account unless they can also use your device (Smartphone, Cellphone, Landline) at the same time. This makes it very difficult for someone you don't know to gain access to your account - even if they somehow know your password.
Have Questions about How Duo Two-Factor Authentication Works at SU?
DUO Two-Factor FAQs (login required)