Setting Up 2-Factor Authentication

— Written By

ABOUT NC STATE TWO FACTOR

NC State is working to increase the security of the accounts used by members of staff. One method to increase security of accounts is to enable two factor authentication (2FA). Two Factor, also known as Two Step, is a process where a second step is added to the login procedure after your Username and Password have been accepted.  NC State created a video to help explain this:

NC State will require all users to enable Two Factor authentication on both Google and Shibboleth (Unity) accounts.

If you have not enabled Two Factor by the time the requirement is enforced then you will be unable to use the account until Two Factor is enabled for that account.  The Extension Helpdesk would like to get everyone enrolled and working before the requirement is enforced.  The following instructions will help in setting up Two Factor for both Google and Unity accounts.

QUESTIONS AND SOME ANSWERS

There are always questions when a new requirement is implemented and here are our answers to them.

Is this necessary?  Yes. The helpdesk has seen a severe uptick in phishing attacks that try and trick users into giving up their username and passwords.  These phishing attacks are not only more common but they are just really good at tricking people.

How does Two Factor prevent phishing?  Two Factor does not prevent phishing attacks.  Two Factor puts up a new barrier once your username and password have been compromised.  This barrier is something only you have and most likely have on you.

Is this going to cause me more work? A tiny bit. You will be directed to a new page to complete your second factor after login.  You will enter your second factor and off you go.  Pay attention and you will notice that a check box on the page will let you go for 30 days before having to enter the second factor again.

I only have to do this once every 30 Days? Kind of.  You will need to enter your Two Factor for each computer/browser combo you use.  If you use both Chrome and Firefox on the same computer then you will need to enter the two factor information in each brower.  The same is true if you use a web browser on a smartphone.

Will this affect my ability to check email on my smartphone and tablets? Yes.  You will need to generate an app password in your google account to let your smartphone/tablet login to your account. You can generate an app password at this link https://security.google.com/settings/security/apppasswords .

What if I do not have a smartphone?
We have directions below for using text messages (SMS) and directions if you have no cell phone at all.

Do I have to download software and use my smartphone for this? No you do not but the apps make it easier.  They provide a way to get a code even if cell service in your office is not good.  The apps also lets you authenticate in different manners. This has proven to be the easiest method for interacting with two-factor.

If I use my cellphone for this will it be subject to records search? No. The University lawyers have said that using your phone for 2-Factor authorizations will not subject the phone to records searches.

Follow the directions below for the scenario you find yourself in.

DIRECTIONS

SMARTPHONES – Apple iOS and Android

Please download the software linked below to your smartphone before going on.  If you do not want to use an app on your smartphone then skip to the directions for “text message setup”.

Apple iOS

Duo – https://itunes.apple.com/us/app/duo-mobile/id422663827?mt=8

Google Authenticator – https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Android

Duo – https://play.google.com/store/apps/details?id=com.duosecurity.duomobile

Google Authenticator – https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Google Two-Step

  1. Log in to http://g.co/2sv using Chrome
  2. Start by setting up “Voice or Text Message” option
  3. Next print out the “Backup Codes”
    1. Store these somewhere safe
  4. Setup the “Google Authenticator” app
  5. If you were given an USB 2FA key then “Add Security Key”

DUO

  1. Log in to https://docs.shib.ncsu.edu/duoenroll/ using Chrome
  2. Add a new device and choose your smartphone type.
  3. Follow the directions to setup your smartphone
  4. If you have a USB 2FA key then choose to Add a Device
    1. Choose U2F Token and follow directions

You are done setting up your smart phone

TEXT MESSAGE SETUP

Google Two-Step

  1. Log in to http://g.co/2sv using Chrome
  2. Start by setting up “Voice or Text Message” option
    1. Choose the Text option
  3. Next print out the “Backup Codes”
    1. Store these somewhere safe
  4. If you were given an USB 2FA key then “Add Security Key”

DUO

  1. Log in to https://docs.shib.ncsu.edu/duoenroll/ using Chrome
  2. Add a new device and choose mobile phone.
    1. When asked what type of phone you have answer “Other”
    2. Finish the setup
  3. If you have a USB 2FA key then choose to Add a Device
    1. Choose U2F Token and follow directions

NO CELLPHONE

Google Two-Step

  1. Log in to http://g.co/2sv using Chrome
  2. Start by setting up “Voice or Text Message” option
    1. Choose the Voice option
  3. Next print out the “Backup Codes”
    1. Store these somewhere safe
  4. If you were given an USB 2FA key then “Add Security Key”

DUO

*** You must have a USB 2FA Key and use Chrome***

Log in to https://docs.shib.ncsu.edu/duoenroll/ using Chrome

  1. Add Security Key

Written By

Photo of Nathan SnodgrassNathan SnodgrassOperations and Systems Specialist (919) 513-7000 nathan_snodgrass@ncsu.eduExtension Information Technology - NC State University
Updated on Mar 16, 2017
Was the information on this page helpful? Yes check No close
This page can also be accessed from: go.ncsu.edu/readext?452350