Tech Tip of the Week

Win an Apple Watch from the Duke Security Office! Visit the OIT Security Office website, and watch the phishing video. It’s 10 minutes well-spent, and best of all, you can register to win an Apple Watch at the end.

Multifactor Authentication

Do you know what options you have with Mutifactor Authentication (MFA)? National Cybersecurity Month is a good time to review the various ways you can use MFA. Your online security is one of our top priorities. As a member of the DUSON community, your data is protected with MFA and you have different ways to use it, depending on where you are. Here’s what you need to know.

The Basics

MFA, also known as two-factor authentication, relies on two factors of evidence to allow you in to various computer systems – (1) know something (your password) and (2) have something (a device or passcode). This greatly reduces the likelihood of a successful cyber-attack using your account and keeps Duke School of Nursing data safe. Take a look at the MFA User Guide. It’s a great way to learn more about using the system.

Three types of MFA Factors

Most MFA factors are based on one of three types (Duke uses the first two):

• Things you know (a password or pin);

• Things you have (a badge or smartphone);

• Things you are (fingerprint, iris or voice recognition) 

Large data-sensitive systems also use Adaptive Authentication as another factor, such as location, time-of-day and device type. You’ve probably noticed these with your bank and social media logins. 

What’s at Duke?

Duke University and Health System uses DUO to provide multifactor authentication services. When logging into a Duke site requiring MFA, the image to the left is displayed.

NOTE: If you ever login to a Duke system and you do not see this familiar login, please check to make sure you are on the right webpage.

Duo provides these options for using MFA. You can use one of the following:

• Duo Push: If the Duo mobile app is installed on your smartphone, you will receive a notification that you can either approve or deny (the most common way to use Duo)

• Phone Call: You can receive a phone call from Duo with instructions on approving or denying the attempt (this is useful in your office or at your home desk)

• Passcodes via Text: You can receive a batch of one-time use pass codes via text message. The codes do not expire and are valid until used

• Passcodes via Duo Mobile App: Use the Duo Mobile app to receive a single passcode. Just tap the key next to “Duke University” in the mobile app. This code must be used immediately

• Temporary passcodes: You can obtain a batch of temporary passcodes by logging into the multifactor home page, verifying yourself using Duke’s challenge-response. These passcodes can be used only once and expire in 72 hours

• Generate a passcode with Yubikey: A Yubikey is a hardware token you can use to perform MFA. See our IT Service Desk for more information regarding Yubikeys

One of these six factors can be used to complete Duke’s MFA and provide access to Duke services.

Having Problems with MFA?

The most frequent request related to MFA is that a user does not have access to their smartphone. Here’s what to do if you don’t have your device with you:

• Login to the Multifactor home page

• Use your password, then verify yourself using challenge-response

• Receive your passcodes

 • You can also receive passcodes by pressing “Forgot Device” on the login screen

Each passcode can be used once and all will expire in 72 hours.

Note: Use this option if you are traveling and do not have access to your phone or your phone does not have service.

Extra Credit

Use MFA on all websites for which you have the option, not just Duke websites.

Most web pages that require logging in have developed multifactor options similar to Duke. Even your social media accounts. Enabling multifactor authentication on these sites is quick and provides additional protection for your data.

To enhance your online safety, combine MFA with LastPass on all websites you visit. This will protect your devices, your data and Duke’s data.

Have any questions about this or other tech used at DUSON? As always, if you have any technical questions or problems, please contact your IT Service Desk at 919-684-9200 or email to SONIT-Support@Duke.edu.