Multi-Factor Authentication
Multi-Factor Authentication adds an extra layer of security to your Hawkeye accounts by requiring something you know, such as your username and password, plus something unique that you have, such as your phone or a Hawkeye provided key fob. By combining your password with one of these factors, attackers can't access your account.
Hawkeye will be implementing Duo Security Multi-Factor Authentication for staff and faculty members. Once activated, staff and faculty members will need to verify their identity twice before they can access essential Hawkeye web applications — once with their password and once with a trusted device. We will be rolling out this feature in waves starting on July 1, 2022.
Duo Security Multi-Factor Authentication provides a more secure computing environment for Hawkeye and aligns with industry standards and best practices.
Services that will be protected by Duo Security Multi-Factor Authentication include:
- My Hawkeye
- Colleague
- Canvas
- Zoom
- Google G Suite
- Panopto
Additional services will be protected by multi-factor authentication in the future as they are added.
What is Two-Factor Authentication? Why is it Important?
-
Passwords can be hacked, stolen, or guessed. With Multi-Factor Authentication, even if someone has your password, they will not gain access to your Hawkeye account without access to your trusted device.
-
Colleges around the world, including the Hawkeye, are high-priority targets for hackers. Multi-factor authentication is a critical part of our cyber strategy to strengthen defenses against attacks.
-
Stolen Hawkeye credentials can be leveraged to gain unauthorized access to protected personal information and data.
-
Multi-factor authentication prevents almost 100% of attacks based on credential theft.
-
Multi-factor authentication allows you to protect your account from wherever you are located.
Receiving Access Codes to your Trusted Device
Users must register at least one device that can receive push notifications or codes. This device can be a private office phone, cell phone, tablet, and/or an approved code-generating key fob. You can enroll in multiple authentication methods.
When users attempt to log into a Hawkeye computer system protected by multi-factor authentication, the system will “challenge” the user by requesting a second factor of authentication. This second factor will be provided through the secure method(s) you select during registration.
Duo Mobile App
The preferred and recommended method for delivering access codes and/or push notifications is via the Duo Mobile app, which can be installed on any supported smartphone or tablet.
Users are encouraged to use personally owned or Hawkeye provided smartphones or tablets for the Duo Mobile app. The use of jailbroken/rooted devices is prohibited.
Enroll in the Duo Mobile App
SMS Text Message
Users are encouraged to use the Duo Mobile app, however receiving Duo Security multi-factor authentication codes via SMS text message is an option for users who do not have a smartphone or tablet but do own a mobile device capable of receiving SMS text messages.
Enroll in Duo Security to receive authentication codes via SMS text message
Phone Call
Approve a login attempt with a phone call from Duo Security.
When enrolling in Duo Security Multi-Factor Authentication, select the phone number option. The phone number option is suitable for private office phones and landlines.
Shared office phones should not be used to receive access codes to verify your identity. Classroom phones do not have the ability to receive access codes.
Enroll in Duo Security to approve a login attempt with a phone call
Hawkeye Provided Key Fob
Users who do not have a smartphone or tablet and cannot receive SMS text messages or phone calls may request approval from their supervisor for a code-generating key fob that will be provided by CIS.
Users will need to be aware of potential syncing issues, token costs, and how to maintain the tokens.
Lost or Stolen Devices
If a user’s registered device is lost, stolen, or the user has reason to suspect their Hawkeye login credentials have been compromised, the user must contact CIS immediately.
Forgot Your Mobile Device at Home?
If you forget your mobile device at home and do not have an alternate way to authenticate, call the CIS Helpdesk to request a One-Time By-Pass code.
Fraudulent Access Requests
If someone else attempts to access your online resources using your username and password you will be notified of this attempt via one of the Duo Security authentication methods you've enrolled in to validate your own login attempts.
If you receive a validation request that was not generated by yourself and you suspect fraud, deny the request via the mobile app or by pressing the "0" key if you received a phone call. This will reject the authentication request, the login attempt will fail, and the fraudulent login attempt will be reported as fraud.
Exceptions
Any exceptions to this policy must be approved by the Chief Information Officer.