Two-Factor Authentication FAQs
- What will be changing?
Staff now have the option to use two-factor authentication when accessing University resources from off campus. Staff are encouraged to opt in and use two-factor authentication. Staff who use two-factor authentication will no longer have to change their password every 90 days.
- What is Two-Factor Authentication?
Two-Factor Authentication – also known as 2FA, TFA, or two-step verification – is an extra layer of security that ensures a person trying to log into an online account is who they say they are. Logging in via 2FA requires not only a username and password, but also a second factor specific to that user, such as a piece of information only they would know, or a physical token or mobile device that only they have. For the University’s purposes, we are adopting the use of a personal device that only the user has: a mobile phone or tablet.
More information can be found on the Two Factor Authentication page.
- What are the benefits of two-factor authentication?
Two-factor authentication will significantly increase the security of off-campus access to University resources, especially mitigating the impact of phishing. This will greatly improve the security of the University’s overall network by limiting the cases of hacked and corrupted user accounts.
One of the other benefits to University staff, aside from the added protection of their personal information, is that they will no longer be required to change their password every 90 days.
- How do I opt in?
First, ensure you are currently using a strong password (preferably a passphrase) or set a stronger, more memorable password using the Password Changer tool on the staff homepage.
Second, visit the Duo two-factor enrolment page and follow the instructions. You will need to have your mobile device handy. Duo is the University’s external provider of two-factor authentication security.
- When will I have to use two-factor authentication?
Two-factor authentication will only need to be used to access University web-based systems through single sign-on (the standard Waikato login page) when access is from off campus. Two-factor authentication will also be required for Virtual Private Network (VPN) remote access.
- Will I have to use two-factor authentication every time I log in from off campus?
If access is via a different computer/device each time then yes. However, if access is via the same device/computer and you select “Remember me for 30 days” on the second-factor authentication screen, then two-factor authentication will only be required every 30 days. (If you are using a device that is not yours, is public (such as in an internet cafe), or that you feel is not secure, we recommend not selecting this option.)
- What methods of two-factor authentication are available?
The Duo two-factor authentication solution has a number of methods available:
- Duo Push Notification: Download and install the Duo Mobile app (available for iPhone and Android on the iTunes and Google Play stores) and register the app against your account. As long as your smartphone or tablet has internet access, Duo will ‘push’ a “please confirm” notification to the Duo Mobile app for you to ‘approve’ or ‘deny’.
- Passcodes in the Duo App: If no internet connection is available for the two-factor device, the Duo Mobile app can generate a 6-digit passcode to be entered into the passcode text box.
- SMS Passcodes: Selecting ‘Enter Passcode’ will trigger the Duo solution to send you a text message containing 10 passcodes. Enter the first passcode to gain access. Subsequent passcodes (the Duo solution will prompt you as to which of the 10 passcodes to use) are then used each time you need two-factor authentication.
- Phone Callback: The Duo solution can call you on a pre-selected landline or mobile phone and provide you with a passcode spoken by an automated voice.
- Security Tokens: The Duo solution works with a number of USB and other physical security tokens. However, there is a cost associated with procuring these. Please contact the Service Desk if you would like to know more.
- How do I register my mobile device (using either the Duo Mobile app and/or recording my mobile number for SMS text), or my phone number (landline or mobile)?
You will be prompted to enable these as part of your two-factor authentication enrolment. User documentation is available at https://duo.com/docs/device-management. However, please contact the Service Desk for enabling security tokens.
- What if I receive a push notification, text, or phone call, but I have not tried to log in to my account?
DO NOT approve any requests to access your account if they have not come from you. Such a request means someone else has tried to access your account, either by gaining knowledge of your password and username, or by hacking your account by another means. As a general reminder, you should never share your password with anyone nor write it down.
- What if I change mobile devices or wish to use a different phone number?
You can simply change these on the Duo Self Service portal.
- What if my mobile device is lost or stolen? Won’t my user login then be vulnerable?
As long as you haven’t written down your username and password and kept this with your mobile device then whoever has your mobile device will not have your ‘first factor’ (password) to use with the ‘second factor’ they now have. However, please report the loss of your mobile device to the Service Desk as soon as possible – as they can revoke the device’s Duo registration (and remote wipe it if it’s a University-owned device that contains sensitive information).
- What if I forget my password?
The process for password reset/retrieval is still the same – please see the Sign-in Help page, or contact the Service Desk.
- Where can I find more information on the Duo two-factor authentication solution? Are there any more comprehensive help pages I can refer to?
There’s a comprehensive set of user guides at that explains the process in detail.
The University has provided a Self Service tool through which you can log your own support tickets (jobs). You can also search for a previously logged ticket to check its status. For urgent jobs you can phone the ITS Service Desk: ext 4008 (838 4008) for support.