Duo Security - Multifactor Authentication
In May 2018, OIT activated a product called Duo Two-Factor Authentication to increase the security of your CGU login credentials. Two-factor authentication provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your username and password.
By requiring two different channels of authentication, we can protect user logins from remote attacks that may exploit stolen usernames and passwords. As you are aware, security breaches based on compromised usernames and passwords have been on the increase, some as a result of phishing emails. You can learn more about two-factor authentication by watching this YouTube video.
During the initial phase in May, Duo security will only be in effect when logging into Workday, Kronos, Library, and Axiom applications. During the second phase on a future date yet to be determined, Email, PeopleSoft, and other applications will be protected by Duo.
Why are we deploying Duo?
- To help prevent unauthorized access to your accounts. As a CGU employee or student, you may have access to confidential and sensitive information about students, the college, and even yourself (see policy on safeguarding confidential and sensitive information). Adding a second authentication mechanism makes it more difficult for someone else to gain access to that information, even if your password is exposed, because the attacker won't have access to your second-factor device.
- Increasingly, organizations are turning to two-factor as a way to increase security. Duo is the most commonly used solution in higher education.
- To reduce the likelihood of CGU users' accounts being compromised through phishing or similar breaches.
WORKDAY IPHONE APP - DUO SPECIAL PROCEDURE:
- Open Workday iPhone App
- Log in with CGU Username and Password.
- When the Duo screen appears, if you want to use the "Send Me a Push" button, touch that button, then touch and drag down slightly on the resulting banner at the top of the screen (see screenshot).
WHAT IS MULTIFACTOR AUTHENTICATION?
Multifactor authentication (MFA) is a process that requires additional steps to prove the identity of the person logging into a system. There are three types of factors:
- Something you know (such as a password)
- Something you have (such as a smart card)
- Something you are (such as a fingerprint).
At CGU we will use the first two factors for authentication. First, you will log into systems as usual with your CGU login credentials. Then you will authenticate your identity using a device such as a mobile phone. A number of device options are available (described below).
THIS SEEMS LIKE EXTRA WORK FOR ME. WHY DO I NEED TO USE DUO?
Phishing and brute force attacks are increasing exponentially, and so are the risks that your credentials may be stolen and your passwords compromised. Duo provides a second layer of protection beyond your password, to ensure that every login from every device is legitimate. This helps us protect you, your work, and CGU.
CAN I OPT OUT?
You will need to enroll in Duo if you use a CGU application or service that requires it, such as Workday. It takes less than five minutes to enroll.
HOW DOES IT WORK?
An individual who is enrolled in Duo will use both their password and a device such as a mobile phone or landline phone when logging into Duo-enabled systems with their CGU login credentials.
HOW OFTEN DO I NEED TO RE-AUTHENTICATE?
If you log in fresh to an application, then you will receive a prompt every time you log in. However, you can set Duo to remember you for 7 days on a given application and device. You would still get your password prompt, but not the Duo prompt.
WHO IS REQUIRED TO USE DUO?
Once Duo is completely rolled out, all CGU staff (including classified and salaried staff, temporary, part-time, and full-time faculty, visiting scholars, and anyone else with access to Duo-secured resources) will be required to use it for systems and applications where it has been enabled.
WHERE CAN I GO FOR MORE INFORMATION, TRAINING OR SUPPORT?
WHAT MOBILE DEVICES ARE SUPPORTED?
Supported devices include:
- Traditional cell phones that support phone calls
- Smartphones running Apple iOS (iPhone), Android, BlackBerry or Windows Phone, which can support the Duo mobile app or phone calls
- Tablets running Apple iOS (iPad, iPod) or Android that can support the Duo mobile app
I DON'T HAVE A SUPPORTED MOBILE DEVICE. WHAT OPTIONS DO I HAVE FOR USING DUO?
You do not need to have a mobile device to use Duo. Landlines (like an office or home phone) can be used to authenticate via a phone call.
HOW MANY DEVICES CAN I REGISTER?
You may enroll as many devices as you want. In fact, we recommend enrolling multiple devices.
I AM UNABLE TO INSTALL THE DUO APPLICATION ON MY MOBILE DEVICE BECAUSE MY DEVICE IS NOT SUPPORTED OR NOT RUNNING A RECENT OPERATING SYSTEM. WHAT CAN I DO?
Even if your mobile device does not support the Duo application, you can still use your device to receive phone calls for Duo authentication.
CAN I ENROLL A SHARED DEVICE?
Yes. Landlines and mobile devices can be shared by multiple individuals. This may be common in shared office environments or among family members who share a home phone number.
SHOULD I ALLOW MY DUO MOBILE APP TO UPDATE AUTOMATICALLY?
Yes. Keeping the Duo app up-to-date ensures that any bugs or security vulnerabilities are resolved as quickly as possible.
I DON'T WANT TO LOG IN EVERY DAY. HOW DO I GET DUO TO REMEMBER ME FOR AN EXTENDED PERIOD OF TIME?
While authenticating with Duo through a web browser, you may see a "Remember me for 7 days" option. If the computer is not a shared or public machine, you can enable this option. This will remain in effect as long as you are authenticating on the same computer and browser and do not clear browser cookies.
If you configured Duo to automatically call your phone or send you a push notification, the "Remember me for 7 days" option may be grayed out or hidden when the Duo prompt first appears. You must click "Cancel" on the blue bar and repeat the authentication process to access the "Remember me" checkbox.
IS THE DUO MOBILE APP FREE? WHEN I TRY TO GET DUO FROM THE APPLE APP STORE, I'M ASKED FOR PAYMENT INFORMATION.
Yes, the Duo mobile app is free and can be downloaded from the Apple App Store, Google Play or the Microsoft Store.