Setting Up 2-Factor Authentication

— Written By
en Español

El inglés es el idioma de control de esta página. En la medida en que haya algún conflicto entre la traducción al inglés y la traducción, el inglés prevalece.

Al hacer clic en el enlace de traducción se activa un servicio de traducción gratuito para convertir la página al español. Al igual que con cualquier traducción por Internet, la conversión no es sensible al contexto y puede que no traduzca el texto en su significado original. NC State Extension no garantiza la exactitud del texto traducido. Por favor, tenga en cuenta que algunas aplicaciones y/o servicios pueden no funcionar como se espera cuando se traducen.

English is the controlling language of this page. To the extent there is any conflict between the English text and the translation, English controls.

Clicking on the translation link activates a free translation service to convert the page to Spanish. As with any Internet translation, the conversion is not context-sensitive and may not translate the text to its original meaning. NC State Extension does not guarantee the accuracy of the translated text. Please note that some applications and/or services may not function as expected when translated.

Collapse ▲

ABOUT NC STATE TWO FACTOR

NC State is working to increase the security of the accounts used by members of staff. One method to increase security of accounts is to enable two factor authentication (2FA). Two Factor, also known as Two Step, is a process where a second step is added to the login procedure after your Username and Password have been accepted. NC State created a video to help explain this:

NC State will require all users to enable Two Factor authentication on both Google and Shibboleth (Unity) accounts.

If you have not enabled Two Factor by the time the requirement is enforced then you will be unable to use the account until Two Factor is enabled for that account. The Extension Helpdesk would like to get everyone enrolled and working before the requirement is enforced. The following instructions will help in setting up Two Factor for both Google and Unity accounts.

QUESTIONS AND SOME ANSWERS

There are always questions when a new requirement is implemented and here are our answers to them.

Is this necessary?  Yes. The helpdesk has seen a severe uptick in phishing attacks that try and trick users into giving up their username and passwords. These phishing attacks are not only more common but they are just really good at tricking people.

How does Two Factor prevent phishing?  Two Factor does not prevent phishing attacks. Two Factor puts up a new barrier once your username and password have been compromised. This barrier is something only you have and most likely have on you.

Is this going to cause me more work? A tiny bit. You will be directed to a new page to complete your second factor after login. You will enter your second factor and off you go. Pay attention and you will notice that a check box on the page will let you go for 14 days before having to enter the second factor again.

I only have to do this once every 14 Days? Kind of. You will need to enter your Two Factor for each computer/browser combo you use. If you use both Chrome and Firefox on the same computer then you will need to enter the two factor information in each browser. The same is true if you use a web browser on a smartphone.

Will this affect my ability to check email on my smartphone and tablets? Yes. You will need to generate an app password in your google account to let your smartphone/tablet login to your account. You can generate an app password at this link https://security.google.com/settings/security/apppasswords .

What if I do not have a smartphone?
We have directions below for using text messages (SMS) and directions if you have no cell phone at all.

Do I have to download software and use my smartphone for this? No you do not but the apps make it easier. They provide a way to get a code even if cell service in your office is not good. The apps also lets you authenticate in different manners. This has proven to be the easiest method for interacting with two-factor.

If I use my cellphone for this will it be subject to records search? No. The University lawyers have said that using your phone for 2-Factor authorizations will not subject the phone to records searches.

Follow the directions below for the scenario you find yourself in.

DIRECTIONS

SMARTPHONES – Apple iOS and Android

Please download the software linked below to your smartphone before going on. If you do not want to use an app on your smartphone then skip to the directions for “text message setup”.

Apple iOS

Duo – https://itunes.apple.com/us/app/duo-mobile/id422663827?mt=8

Google Authenticator – https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Android

Duo – https://play.google.com/store/apps/details?id=com.duosecurity.duomobile

Google Authenticator – https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Google Two-Step

  1. Log in to http://g.co/2sv using Chrome
  2. Start by setting up “Voice or Text Message” option
  3. Next print out the “Backup Codes”
    1. Store these somewhere safe
  4. Setup the “Google Authenticator” app
  5. If you were given an USB 2FA key then “Add Security Key”

DUO

  1. Log in to https://docs.shib.ncsu.edu/duoenroll/ using Chrome
  2. Add a new device and choose your smartphone type.
  3. Follow the directions to setup your smartphone
  4. If you have a USB 2FA key then choose to Add a Device
    1. Choose U2F Token and follow directions

You are done setting up your smart phone

TEXT MESSAGE SETUP

Google Two-Step

  1. Log in to http://g.co/2sv using Chrome
  2. Start by setting up “Voice or Text Message” option
    1. Choose the Text option
  3. Next print out the “Backup Codes”
    1. Store these somewhere safe
  4. If you were given an USB 2FA key then “Add Security Key”

DUO

  1. Log in to https://docs.shib.ncsu.edu/duoenroll/ using Chrome
  2. Add a new device and choose mobile phone.
    1. When asked what type of phone you have answer “Other”
    2. Finish the setup
  3. If you have a USB 2FA key then choose to Add a Device
    1. Choose U2F Token and follow directions

NO CELLPHONE

Google Two-Step

  1. Log in to http://g.co/2sv using Chrome
  2. Start by setting up “Voice or Text Message” option
    1. Choose the Voice option
  3. Next print out the “Backup Codes”
    1. Store these somewhere safe
  4. If you were given an USB 2FA key then “Add Security Key”

DUO

*** You must have a USB 2FA Key and use Chrome***

Log in to https://docs.shib.ncsu.edu/duoenroll/ using Chrome

  1. Add Security Key