Two-Factor Authentication

Two-Factor Authentication Banner

Ìý

Phishing attempts are at an all-time high, and a single compromised MIDAS account poses a risk to sensitive university data and critical services. As an added layer of protection, we require all faculty, staff and students to log in to ¹ÏÉñÍø services using two-factor authentication.

What is two-factor authentication?

Two-factor authentication adds an additional layer of security to online accounts by requiring you to verify that you are who you say you are. After logging in to an ¹ÏÉñÍø system with your MIDAS ID and password, you'll be prompted to confirm your identity a second time using a physical device in your possession (like a smartphone or token) that's been attached to your account.

Why do I need two-factor authentication?

The truth is, we have seen more professionally organized and sophisticated phishing attacks against our ¹ÏÉñÍø community in the past year than ever before, and passwords are no longer a strong enough protection on their own.

Imagine this: An attacker sends an email to several hundred ¹ÏÉñÍø students. One student - just one - is fooled by the email and unwittingly hands over her MIDAS ID and password. Until we catch the suspicious activity, the attacker has access to all of that student's ¹ÏÉñÍø data.

Or this: An attacker sends an email to several employees, and the message appears to come from payroll. One person - just one - logs in to what he believes to be Leo Online, only to realize later that his account was compromised and his direct deposits have been redirected to the attacker's bank.

Now imagine: An attacker successfully steals your MIDAS ID and password. When he tries to log in, he's asked to provide your second factor. But you have your second factor (your smartphone or token) safely in your possession, so he can't get any further. He remains locked out.

Two-factor authentication adds an additional layer of protection to the personal information and infrastructure entrusted to us.

Sounds good, but will it slow me down?

Two-factor authentication only adds a couple of seconds to your login. But if you regularly use the same computer and web browser, you can use the "Remember Me" feature to save more time.

Ìý

What kind of devices can I use as a second factor?

Smartphone or tablet with Duo Mobile app (recommended)

The Duo Mobile app is the quickest, easiest and most secure method of two-factor authentication supported by ¹ÏÉñÍø. Install the Duo Mobile app on your smartphone or tablet and use your mobile device as your second factor.

After you log in to an ¹ÏÉñÍø service with your MIDAS ID and password, you'll be prompted to authenticate. When you select the option "Send Me a Push," Duo sends a notification to Duo Mobile on your device. Tap "Approve" to sign in.

You can also use the Duo Mobile app to generate a passcode if your mobile device doesn't have an internet connection.

Supported Platforms: Android 8.0+; iOS 12.0+

Legacy mobile phone with SMS

If you register a cell phone that is not smart, Duo Security can send you a text message as your second factor. Reply to the message to authenticate.

Hardware token

A hardware token is a small, physical device that you carry with you. When you register this one-button device, it will generate a one-time passcode that you can use each time you need to authenticate.

You can purchase Duo 100 tokens at the University Card Center for $26. (If you intend to purchase more than 10 tokens for a department, please contact the Card Center atÌýcardcenter@odu.eduÌýand allow 10 business days.)

You can also use other commercially available security keys like theÌý, or any token that produces generic 6- or 8-digit OATH-HOTP passcodes. (Department purchases should be made through a contract vendor.)

Software token

Software tokens work similar to hardware tokens, except that passcodes are generated by a piece of software on your computer rather than a separate physical device. One-time passcode (OTP) generators are usually free and easy to install. Just search for OTP generators that provide TOTP or HOTP authentication, and register the product as a software token during two-factor enrollment.

Note: As you decide which devices you need and how many to enroll, think about how you log in on a daily basis: Are you primarily at your desk? Do you use several computers across campus? Do you need to log in while traveling? And, most important, do you have a backup if your primary device gets lost or stolen?

Oops! I lost my device. What do I do?

If your registered smartphone, tablet or token is lost or stolen, please report it right away.

  1. Go toÌýÌýand log in.
  2. Click onÌýTwo-Factor Authentication.
  3. Click the button forÌýLost Phone/TabletÌýorÌýLost TokenÌýand follow the prompts.
Ìý

Get Help

If you need help setting up two-factor authentication, or if you have any login issues after enrolling, contact the ITS Help Desk.