All staff are encouraged to enable two-factor authentication when logging into University resources from off campus. Duo 2FA will be made compulsory for all staff for external access to University ICT systems by 1 December this year.
Two-Factor Authentication – also known as 2FA, TFA, or two-step verification – is an extra layer of security that ensures a person trying to log into an online account is who they say they are. Logging in via 2FA requires not only a username and password, but also something that only that user has, such as a piece of information only they would know, or a physical token or mobile device. For the University’s purposes, we are adopting the use of a personal device that only the user has; a mobile phone or tablet.
Two-factor authentication will significantly increase the security of off-campus access to University resources, especially mitigating the impact of phishing. This will greatly improve the security of the University’s overall network by limiting the cases of hacked and corrupted user accounts.
Also, staff who use two-factor authentication will no longer have to change their password.
Before registering for two-factor authentication, please ensure you are currently using a strong password (preferably a passphrase). Please set a new strong, memorable password using the Password Changer tool on the staff homepage prior to enrolling for 2FA.
Table of Contents:
- Registering for 2-Factor Authentication
- Authenticating with Duo
- Adding or changing devices in Duo
- Removing a device from Duo
- Further Information
Registering for 2-Factor Authentication (2FA)
Duo is the University’s external provider of two-factor authentication security. To register for 2FA:
- Vist the Duo two-factor enrolment page
- Login with your University of Waikato login as required
- Click Start Setup then follow the instructions. You will need to have your mobile device handy
- Duo will offer several options for your two-factor device. We recommend using a Mobile Phone as the registered device.
- Select Country New Zealand and confirm your mobile number.
Please note that you can leave off the leading 0 on your mobile number. (i.e. if your phone starts with 021, 022 or 027, you can just enter 21, 22 and 27).
Ensure the tick box beneath has the correct mobile number displayed and tick to verify.
- On the next page, confirm which type of phone you have:
Once you have selected the device type, you will be directed to download the Duo Two-Factor Authentication app from your devices app store.
Please note the below links are to be used from your registered device only.
For Android devices, you can download it here on the Google Play StoreFor Apple iOS devices, you can download it here in the App Store
For Windows devices, you can download it from the Microsoft App Store
Once the app has been downloaded, follow the on-screen registration instructions to open the application and press the "+" icon in the top right corner of the app. It will require you to scan the barcode on the screen.
Once registered you will be required to use two-factor authentication when accessing University systems via single-sign-on (applications and web pages requiring you to log in via the University Login page) from off-site. However, you have the option to select “Remember this device for 30 days”, so that two-factor authentication is required less often. (If you are using a device that is not yours, is public (e.g. internet cafe), or one you feel is not secure, we recommend not selecting this option.)
Authenticating with Duo
When accessing University of Waikato Systems and Services off campus, Duo will require you to verify your login with an extra step to verify your identity. Below are the recommended methods for authenticating with Duo
Recommendation 1- Duo Push
Duo Push is available via the Duo App on your smartphone or tablet. This is recommended as the easiest and quickest way of authenticating for most users but is reliant on you having your smart device with you in whatever location you are logging in from.
The Duo App works on most modern smartphones and tablets. Duo Push does not cause any delay for the authenticator (other than navigating the app or any specific network lag) and does not incur any additional costs for the University. You can enrol your use of the Duo App at https://duo.waikato.ac.nz. The Duo App uses minimal storage and resources and operates independently of any University systems and controls, so it can be readily used on personal devices.
Duo Push does require your device to be online (connected to a cellular or wifi network), however, the Duo App can work in offline mode too as it can generate passcodes by clicking on the key icon:
Recommendation 2 – Yubikey
If you prefer a physical hardware solution or if you travel regularly (particularly if there is mixed cellular coverage) or if you often do not have your smart device with you, then Yubikey is the recommended option for you. This is a USB second-factor authentication device that slots into a USB port on the computer you are using. These keys are small and discrete and can be purchased directly from ICT Procurement. Once you have a Yubikey you will not need to use the Duo App or SMS Text service.
Yubikey's are available for purchase from ICT Procurement
If you'd like to purchase a Yubikey, please contact your local IT Consultant, or speak with ICT ProcurementAlternatively, they can be purchased through the ICT Procurement Catalogue
Recommendation 3 – SMS Text
The text message option is recommended for those who do not have a smartphone or tablet that can run the Duo App, or who are only required to connect to the University network on a more irregular basis (such as while attending conference or training course). The SMS Text message process is a much better option than Call Me (the Duo system calling you) as Duo will text a batch of 10 codes for you to use in one message, and once you have used all 10 codes (Duo prompts you which of the 10 codes to use next) Duo will automatically send you another batch.
ITS strongly recommends the use of Duo Push or Yubikeys for those staff who are high users of the service as this reduces the demand on the Call Me or SMS Text credits, and makes authentication easier for staff.
Adding Devices from Duo
If you are already enrolled in Duo Two-Factor Authentication, you are also able to add and remove devices from this service at any time. You will especially need to do this each time you get a new device as you will need to reactivate the Duo Mobile app on each device individually.
To add a device you will need to:
To add another device, click the +Add another device link on the page. This will take you through steps 4-6 of the registration process where you
Confirm which type of device it is. This will direct you to the appropriate link to download the software for your device
Removing a Device from Duo
To remove a device you will need to :
- Login to https://duo.waikato.ac.nz
- Authenticate using one of the above-recommended options. (Duo Push using the mobile app is recommended)
- You will see the My Settings & Devices page.
- Click Device Options next to the device you would like to remove / de-register from Duo.
- Click the icon beside the device you want to remove from Duo.
Note: This option will not be available if you only have one device registered. This is because at least one device needs to be active in order for you to use Duo Two-Factor Authentication to log in.
Want to know more about Duo?
Further information on how the Duo App works can be found here: https://guide.duo.com/ or alternatively, talk to your local ICT Support team to discuss how to get the most out of Duo.
There is also set of FAQ’s located on the ICT Self Help pages here
Thank you in advance for considering a more cost-effective 2FA option
The University has provided a Self Service tool through which you can log your own support tickets (jobs). You can also search for a previously logged ticket to check its status. For urgent jobs you can phone the ITS Service Desk: ext 4008 (838 4008) for support.