How does 2FA work at UD?

After you enter your username and password, a second log-in screen prompts you to verify yourself. You choose and respond to one of the methods:

Screen shot of Duo 2FA verification prompt

  • Send a push notice to your smart phone: Open the 2FA app on your phone and tap "Approve."
  • Call your phone: Answer your phone and listen to the instructions. Press the indicated key to complete the process.
  • Type in a passcode: Activate your phone app or hardware token to get a one-time-use passcode. Enter the passcode in the 2FA login screen.

Why does UD need 2FA?

With unflagging determination and unfortunate success, hackers are boldly seeking to breach systems and capture data they can use to exploit individuals and institutions. Often, they gain access to data through compromised passwords. Numerous instances of data hacking have already affected millions of people, including us at University of Dayton with the Anthem breach.

Institutions, businesses and governments across the country and around the world are turning to 2-factor authentication to help mitigate the vulnerability of compromised passwords. The University of Dayton is joining the movement to 2FA to protect our employee, student, institutional, and academic systems. Your personal data, UD's business-critical data, and all systems vulnerable to attack need as much protection as possible. 2FA greatly enhances the protection available to online systems.

As members of the UD community, we can contribute to protecting one another's online assets by practicing responsible stewardship of our data resources. 2FA is one such way of doing our part.

2FA safeguards the UD community from the damages caused by data breaches --

  • exposure of personal information, intellectual property or institutional information
  • loss of trust and reputation
  • expensive remediation

Watch this video about UD's 2FA program to learn why 2FA is needed and how 2FA works.

Who is required to use 2FA?

University of Dayton employees, including part-time, UDRI employees and contractors, are required to use 2-factor authentication when logging in to protected applications. Student employees (including GAs) will be required to use 2FA starting spring 2017.

Note to UDRI employees: Access to UDRI-specific systems will require an additional, separate 2FA account. You should enroll in UD's 2FA system for access to benefits information, electronic W-2s, UD Gmail and other non-UDRI systems.

Which systems are protected by 2FA?

Have you ever wondered how you can log into many different applications with your one and only UD username and password? By way of a bit of technical explanation, we use a central authentication management tool that allows you to access multiple applications while providing your username and password only once. We also use a federated identity management system that allows UD usernames and passwords access to many other systems operated outside of the university. These two umbrella tools provide us powerful account management options and provide you a single username/password credential to multiple systems.

UD's 2-factor authentication system checks your identity whenever you log into an application under the umbrella of the central authentication system and the federated identity management system.

SYSTEMS UNDER UD'S 2FA UMBRELLA (AS OF SEP 2016)

When logging into these applications, you will also be prompted for 2-factor authentication.

Banner BDM Educause (via Shibboleth/InCommon) NetX (creative.udayton.edu)
Banner INB Everbridge OrgSync
Banner Workflow FMInteract Runway
BenefitFocus Google Apps (Gmail, Drive, Calendar, etc) School of Law library reserve (Overdrive)
BoardEffect HBOGo Salesforce (TargetX)
CITI Isidore StudioAbroad
CourseLeaf Library resources via libproxy.udayton.edu Student Success Network (Starfish)
CoursEval Library resources available via OhioLink TeamDynamix
DegreeWorks Lifesize (Hosted version) Warpwire
DigitalMeasures National Student Clearinghouse And... Any additional resources authenticated via Shibboleth/InCommon

Does 2FA apply to off campus/study abroad as well?

2FA verification is required anytime you log into a protected system whether you are on campus or off campus.

When travelling internationally, you will need to have a functioning 2FA device (phone, tablet or token) to access Gmail, OhioLINK, and any other 2FA protected UD system. The smartphone/tablet app (Duo Mobile) can function as a non-connected digital token providing passcodes for use anywhere, anytime. So even if your phone or tablet is not usable as a cellular or wireless device, it is still able to generate passcodes for 2FA. An alternative would be for you to request a hardware token to take overseas.