Going Forward: Students, Faculty and Staff Can Self-Enroll
Credit Students: The deadline to self-enroll in two-factor authentication is on or after the third Monday of each semester.
If you are seeing an "Access Denied" page:
(Note: Graduate Students hired by Georgia Tech are considered Employees and required to be enrolled in Two-factor Authentication immediately upon hiring.) You may follow the same FAQ as Credit Students, above, to rectify your account access.
A Two-Factor-Enrollment warning panel is displayed when new students and employees use Georgia Tech’s Login Service if they have not enrolled in two-factor authentication.
All credit students (online or on campus) are required to enroll in Two-Factor Authentication during the first two weeks of the semester and will be unable to log into applications without a two-factor device after that. The deadline to self-enroll in two-factor authentication is on or after the third Monday of each semester.
All employees (faculty, staff, student assistants, GRAs, GTAs, etc.) are required to use Two-Factor Authentication as soon as their hiring paperwork is completed.
You can use this link for more information. "How do I enroll myself in two-factor authentication using Duo."
Please remember - To keep yourself from being locked out - Generate & Print BACKUP CODES (use Passport -> Two-Factor Authentication -> Generate Backup Codes)
All credit students (online or on campus), as well as any faculty or staff who are currently seeing the Georgia Tech Login Service Attention page with the warning that you are required to enroll in Two-Factor Authentication, please note that the deadline to self-enroll in two-factor authentication is the third Monday of the semester. You can use this link for more information. "How do I enroll myself in two-factor authentication using Duo."
Good news. If you are a credited student (online or on campus), faculty or staff who has not yet enrolled in two-factor authentication using Duo, you no longer need to seek out a friend, an IT staff member, or visit the Technology Support Center to enroll. You now have the capability to enroll yourself. If you are a credited student, see the steps to self-enroll under the "For Students" menu option above. If you are an employee, see the steps to self-enroll under the "For Employees" menu option above. To go directly to instructions to self-enroll, click on this link "How do I enroll myself in two-factor authentication using Duo." (https://faq.oit.gatech.edu/content/how-do-i-enroll-myself-self-enroll-two-factor-authentication )
Students, Faculty and Staff Can Enroll Each Other
Are you new to campus and need to enroll? Has one of your colleagues been locked out and needs to be "rescued" to log in to Tech systems? Using the "self-enrollment" option in Passport, you can enroll others, have a colleague enroll you, or provide a one-time rescue code if someone you know can't access their device. While the directions below refer to students helping students, they apply to all students, faculty and staff on the Tech campus.
For those needing to be enrolled:
- For more detailed instructions: How do I (student with Two-factor) enroll other students I know, in Two-factor?
You can also visit the Technology Support Center, Clough Commons, Room 215, located behind Starbucks or if you are in a residence hall, go to Wreck Techs to be enrolled.
For those helping a friend to enroll:
You now have the power to enroll your friends in just 4 easy steps using the Student Onboarding Tool! To help your friends beat the deadline, do the following:
1. Identify your friend or friends needing to enroll and tell them you can enroll them.
2. Have each friend come to you with their Buzzcard. Go to passport.gatech.edu and find "Assist Another Person" in the left menu bar.
3. Follow the prompts to enroll your friend making sure to check their Buzzcard and add their GTID when prompted.
4. When you come to the page describing the steps your friend needs to take to complete enrollment, ask him/her to log in to Passport to complete their enrollment.
That's it. You've helped a friend!
Students Attending FASET Now Enrolled in Two-factor Authentication
Over 2000 students attending FASET Marketplace this year were enrolled in two factor authentication due to a new streamlined procedure which allowed them to install the Duo app and be enrolled by Tech staff while picking up their Buzzcards. The new step, which is a collaboration between the Information Technology Group (ITG) and the Office of Information Technology (OIT), gives students the opportunity to learn more about two-factor authentication and Duo features while being enrolled by volunteers. Teams of volunteers from various colleges and administration vetted each student in staggered shifts, which resulted in shorter lines and wait times between the Duo app installation and full activation. Based on the number of students enrolled during the Buzzcard process, the volunteer teams along with ITG and OIT plan to incorporate two-factor enrollment for incoming freshman in future FASET Marketplace events.
Enrolling Students in Two-factor Authentication
The Office of Information Technology (OIT) in partnership with the Information Technology Group (ITG) from Campus Services is ramping up plans to enroll all students in two-factor authentication using DUO by October 16, 2017. The first phase of student enrollment begins with students attending the FASET program. Volunteer teams in OIT, ITG, and Wreck Techs will be at every FASET Marketplace, which is located in the Georgia Tech Bookstore. FASET students not able to attend the Marketplace are advised to go to the Technology Support Center (TSC) located in Clough Commons, Room 215 (behind Starbucks) to enroll.
New Video and Updated Employee Form Now Available for Students and New Hires
Georgia Tech is continuing its campus-wide initiative to enroll all new faculty, staff, and students in two-factor authentication using Duo with a new video and a change in new hire paperwork. The video offers a quick overview of two-factor authentication and how to use the Duo app at Georgia Tech. It is available for viewing on OIT's YouTube site.
The updated New Employee form provides instructions on enrolling in two-factor authentication for all new employees (faculty and staff) once they receive a temporary password from the Office of Human Resources (OHR). Revised in collaboration between OIT and OHR, the updated New Employee form is part of the onboarding process and ensures new employees are enrolled in two-factor when they first arrive on campus.
Using Two-factor Authentication Remotely with VPN (Virtual Private Network)
Beginning March 1, using Tech systems and services remotely via VPN (Virtual Private Network) will require an additional layer of security by using two-factor authentication. For step-by-step instructions, refer to the Quick Reference Guide on Remote Login Using VPN with Two-Factor Authentication.
For non-Cisco VPN Users: if you are using another application to log in remotely, such as IPsec, you will need to switch to Cisco AnyConnect. Please refer to the FAQ on switching to AnyConnect- “How Do I Get Started with the Campus VPN.”
To read more about using VPN with Two-factor Authentication, including your options for entering your second factor (push, code number, etc.), refer to the links below.
To install the Cisco AnyConnect VPN application: https://faq.oit.gatech.edu/content/how-do-i-get-started-campus-vpn
Two-Factor Authentication – Quick Reference Guide http://www.twofactor.oit.gatech.edu/sites/default/files/images/duo_quick_reference_guide_2016.pdf
Security Risk Using Text Messaging Option in Two-factor Authentication
Using text messages as an authentication method will no longer be an option after Wednesday, February 15, 2017. The use of SMS/text messages for authentication purposes has been deemed as a security risk according to a new standard published earlier this year by National Institute for Standards and Technology (NIST). DUO supports the findings of NIST and as a consequence will no longer support the use of SMS as an authentication method.
If you currently use SMS for authentication to Georgia Tech, there are several other methods you can use with two-factor authentication at Georgia Tech. To learn more about how to use these options, please refer to the Quick Reference Guide or see your local IT support professional to understand your options.
For a complete list of contacts, please refer to the Departmental Support Contacts List or visit the Two-factor Authentication website. For more information on the security issue in using text (SMS) with two-factor authentication, please see Duo’s new guidelines in partnership with NIST or the NIST’s report.
Notice for LastPass Users Unable to Login to Duo from the CAS Page (Chrome Users Only)
If you are using LastPass, please note that version 4.1.38 of the LastPass extension for Chrome has an issue that makes the Duo login form on the CAS login page unusable. If the CAS page is not working for you, please use another browser or disable the LastPass extension. You can read more details and check the status of this problem at Duo’s Incident page.
New to Georgia Tech? How to Enroll in Two-factor Authentication
Georgia Tech uses two-factor authentication to help protect the Institute’s data. If you are a new employee, you’ll need to include two-factor authentication to your login process.To prepare for enrollment, follow the Pre-checklist for Two-factor Enrollment Using Duo. To start using Duo, the application Tech used for implementing additional security, see your departmental IT support staff, or your hiring manager. You can find a list of IT contacts from the “For Users” tab in the link “List of Departmental Contacts for Enrolling in Two-factor Authentication."
"Remember Me for a Day" Option Extends from One to Seven Days
For users currently using the “Remember me for 1 day” option on the Duo app, there’s good news. The time required by any user to authentication using the Duo app has changed from one day to seven days. This means users who have checked this option on the Duo app will not need to authenticate with their second factor, the Duo app, for seven days after they've initially logged in and authenticated.
To use this feature, specific parameters must be met. These parameters include not changing browsers for seven days and/or not changing devices used to authenticate for seven days. For example, if a user has the “Remember me for 7 days” checked on the Duo app, but uses a different browser on the same device, or if a user uses a different device during the week, the Duo app will require a new authentication option. The "Remember me for 7 days" will only work If using a single device and the same browser for seven consecutive days.
New Self-Service Options Available for Users and IT Administrators
Self Service Options on the Duo App
1. Add a New Device – Use this feature if you have only one mobile device enrolled and you’d like to add a backup device, or if your primary device is lost or stolen and you replaced it with a new device in case you forget your mobile device or the battery needs recharging on your mobile device. (Note: This feature is available when logging into CAS, but not available when logging into Passport.)
2. Call Me or Set up a Secondary Device in Passport– If you elect to use an office phone as a backup device, you can select this option as a “Call Me” feature. To use this as a backup authentication option, go to Passport (www.passport.gatech.edu) and set up a secondary device such as an office phone. Options are located on the left menu of Passport under “Two Factor.” Please keep in mind that any phone used on campus as a “second factor” must be located inside a locked office space. Phones which are publicly accessible are not acceptable.
3. Remember Me for a Day - If you select Duo’s “Remember Me for A Day” option at the authentication prompt, you’ll only need to use two-step authentication once every 24 hours. You’ll only need to authenticate again if you switch to a new device within the 24 hour period, e.g. desktop to laptop, or laptop to tablet. (Note: This feature is available when logging into CAS, but not available when logging into Passport.)
Self Service Options in Passport
Users of Passport who are also users of two-factor authentication (Duo) can use new self-service options from the Passport menu for onboarding new users and for helping those who may need a temporary code to access systems and services.
Using the "Web of Trust" features
These features provide authorized two-factor users with the ability to onboard new users to two-factor with Duo using a "web-of-trust" feature. Authorized users can also help other users access systems and services in the event that their device is not available by giving them a 24-hour rescue code.
Note that only authenticated staff (and Mage administrators/IT leads) have rights to assist another person at this time.
Using backup codes and status indicators in Passport and CAS
Other new features in Passport not related to onboarding include:
- Providing each Duo user with the ability to generate and print backup codes in Passport.
- Offering a new status listing in Passport and CAS (login.gatech.edu) that indicates whether a two-factor user needs to add backup devices or print backup codes to help ensure he/she can access systems and services that require two-factor authentication.
Look for additional enhancements coming soon including using two-factor authentication with VPN.
For questions, email 2FA@oit.gatech.edu.
Office of the Provost Begins Adoption of Two-Factor Authentication
Division of Administration and Finance Adopts Two-factor Authentication
In an ongoing effort to bring two-factor authentication to the Georgia Tech campus, the Division of Administration and Finance began deploying two-factor authentication in April 2016 following the deployment of the Office of Development and Office of the President in late 2015. Additionally, several schools and colleges have expressed interested in adopting two-factor authentication for their faculty and staff. Deployment of two-factor authentication using Duo to other schools and departments will continue through 2016.
New Enhancements to the Duo Login Screen
Duo now allows a user to chose an option "Remember me for a day" on the login screen to limit the number of times he/she must authenticate while logged into Tech's systems.
Duo updated the two-factor authentication screen used to login to applications. They’ve introduced new features to enhance the user experience by 1) displaying how each authentication method works before a user selects an option and 2) providing an easy way to enroll new devices and utilize more self-service options.
Learn About New Features for Duo
For more information on these new enhancements, click on the following link.