Staff are encouraged to use two-factor authentication when logging into University resources from off campus.
Two-Factor Authentication – also known as 2FA, TFA, or two step verification – is an extra layer of security that ensures a person trying to log into an online account is who they say they are. Logging in via 2FA requires not only a username and password, but also something that only that user has, such as a piece of information only they would know, or a physical token or mobile device. For the University’s purposes, we are adopting the use of a personal device that only the user has; a mobile phone or tablet.
Two-factor authentication will significantly increase the security of off-campus access to University resources, especially mitigating the impact of phishing. This will greatly improve the security of the University’s overall network by limiting the cases of hacked and corrupted user accounts.
Also, staff who use two-factor authentication will no longer have to change their password every 90 days.
Before enrolling for two-factor authentication, please ensure you are currently using a strong password (preferably a passphrase). Please set a new strong, memorable password using the Password Changer tool on the staff homepage prior to enrolling for 2FA.
Enrolling for 2-Factor Authentication (2FA)
Duo is the University’s external provider of two-factor authentication security. To enrol for 2FA:
- Vist the Duo two-factor enrolment page
- Login with your University of Waikato login as required
- Click Start Setup then follow the instructions. You will need to have your mobile device handy
- Duo will offer several options for your two-factor device. we recommend using a Mobile Phone as the registered device.
- Select Country New Zealand and confirm your mobile number.
Please note that you can leave off the leading 0 on your mobile number. (i.e. if your phone starts with 021, 022 or 027, you can just enter 21, 22 and 27).
Ensure the tick box beneath has the correct mobile number displayed and tick to verify.
- On the next page, confirm which type of phone you have:
If you select “iPhone”, “Android” or “Windows Phone” then you will be directed to download and install the free Duo Mobile App onto your phone. While we certainly recommend this option (as it allows you to use your phone for two-factor authentication even if it doesn’t have a network connection), if you would prefer not to install the Duo Mobile App then you need to select Other.
Selecting “Other” sets up your phone for SMS Text passcodes only. For information, the available two-factor options are:
- Duo Push Notification: Download and install the Duo Mobile app (available for iPhone and Android on the iTunes and Google Play stores) and register the app against your account. As long as your smartphone or tablet has internet access, Duo will ‘push’ a “please confirm” notification to the Duo Mobile app for you to ‘approve’ or ‘deny’.
- Passcodes in the Duo App: If no internet connection is available for the two-factor device, the Duo Mobile app can generate a 6 digit passcode to be entered into the passcode text box. Simply click the key button beside “University of Waikato” on the Duo Mobile App’s screen and the temporary passcode will be shown.
- SMS Passcodes: Selecting ‘Enter Passcode’ will trigger the Duo solution to send you a Text message containing 10 passcodes. Enter the first passcode to gain access. Subsequent passcodes (the Duo solution will prompt you as to which of the 10 passcodes to use) are then used each time you need two-factor authentication.
- Phone Callback: The Duo solution can call you on a pre-selected landline or mobile phone and provide you with a computer verbal passcode.
- Security Tokens: The Duo solution works with a number of USB Two-Factor (U2F) and other physical security tokens. However, there is a cost associated with procuring these. Please contact the Service Desk if you would like to know more.
- Once Enrolled you will be required to use two-factor authentication when accessing University systems via single-sign-on (applications and webpages requiring you to login via the University Login page) from off-site. However, you have the option to select “Remember this device for 30 days”, so that two-factor authentication is required less often. (If you are using a device that is not yours, is public (e.g. internet cafe), or one you feel is not secure, we recommend not selecting this option.)
VPN Remote Access: Once enrolled, 2FA is also required for VPN remote access. At the second authentication prompt simply enter a passcode, or enter “push1”, “phone1” or “sms1” for a Duo Mobile App push notification, a landline call, or for a SMS Text with 10 more passcodes respectively.
Duo has a comprehensive set of user guides on their website.
There are a set of FAQ’s located on the ICT Self Help pages here
The University has provided a Self Service tool through which you can log your own tickets (jobs). You can also search for a previously logged ticket to check it's status. For urgent jobs you can phone the ITS Service Desk: ext 4008 (838 4008) for support.