Two-Factor Authentication FAQs

What is two-factor authentication (2FA)?
Two-Factor Authentication – also known as 2FA, or two-step verification – is an extra layer of security that ensures a person trying to log into an online account is who they say they are. Logging in via 2FA requires not only a username and password, but also something that only that user has, such as a piece of information only they would know, or a mobile device, or a physical token. At the University of Waikato we are implementing Duo 2FA and adopting the use of a mobile phone or tablet as our preferred second security layer.

Why is the University adding a second layer of authentication?
Two-Factor authentication is an Audit NZ requirement and must be implemented by the end of 2018.

What are the benefits of Duo two-factor authentication?
Duo 2FA will significantly increase the security of off-campus access to University resources, especially mitigating the impact of cyber security attacks such as phishing and malware. This will greatly improve the security of the University’s overall network by limiting the cases of hacked and corrupted user accounts. As well as the added protection of your personal information, Duo 2FA means you will no longer be required to change your password.

When do I have to do this by?
All staff wanting to access University resources from off campus need to have Duo 2FA enabled by the 1st of December 2018. Duo 2FA will be compulsory from 1 December. We encourage staff to enable two-factor authentication as soon as possible.

When will I have to use Duo 2FA authentication?
When you are accessing University resources from off campus.
When you are accessing the University via a Virtual Private Network (VPN).

Does Duo 2FA authentication work outside of NZ?
Yes, authenticating via the Duo App or YubiKey is fully functional from all countries outside of NZ, including China.

What if I don’t have a Wi-Fi connection or cellular reception?
No problem. Tap the V icon in the Duo Mobile app to generate an authentication passcode. You do not need an internet connection or a cellular signal to generate these passcodes.

When do I not have to use Duo 2FA authentication?
When you are on any of the University of Waikato campuses using the Waikato wired or wireless network.

Will I have to use two-factor authentication every time I log in from off campus?
Yes, if access is via different computers and/or browsers each time.
Selecting the “Remember me for 30 days” option the first time you authenticate in each browser on each computer you use lessens the need to do this as often.
If the computer is not yours (e.g. an internet cafe or a borrowed computer), we recommend not selecting the remember me option.

Is there a cost associated with using the Duo 2FA App?
No - there is no cost to you for using Duo 2FA from your mobile device. The Duo app uses 2KB per push (e.g. 500 pushes in a month would use less than 1MB).

What happens if I miss the 1 December deadline?
You will not be able to access any University resources from off campus until Duo 2FA is enabled. You will need to contact ITS in order to facilitate this. Please phone the Service Desk on 838 4008, or contact your local ICT Consultant.

How do I register?
First, ensure you are currently using a strong password (preferably a passphrase) or set a stronger, more memorable password using the University of Waikato Password Reset Page. This page should also be used if you have forgotten your current password.
Second, visit the Duo two-factor enrolment page and follow the instructions. You will need to have your mobile device handy. There are several authentication options available.

What if I have forgotten my Apple ID?
You need to visit the Apple ID page to look it up.

What if I don’t have a mobile device?
If you don’t have a mobile device or don’t wish to use your personal device, ITS can provide a physical token known as a YubiKey which can be registered to you for this purpose.

What if I change mobile devices or wish to use a different phone number?
You can simply change these on the Duo 2FA Device Management page.
If you are using the recommended Duo Push option, you can set up more than one device and choose whichever is most convenient when you log in - the Duo app is tied to the phone, not the SIM card. If you are changing phones, we recommend enrolling the new phone in Duo 2FA first, then deleting the app from the old phone and removing the service from the management console.

What if I swap the SIM in my phone?
Duo 2FA enrolment is based on the device, rather than the network account - swapping your SIM will not affect your ability to authenticate from that device.

What if my mobile device is lost or stolen? Won’t my user login then be vulnerable?
As long as you haven’t written down your username and password and kept this with your mobile device, whoever has your mobile device will not have your ‘first factor’ (password) to use with the ‘second factor’ they now have. Your mobile device is also protected via a PIN or Touch ID, so a thief would be very unlikely to be able to obtain access to the Duo app. However, the loss of your mobile device should be reported to the ITS Service Desk as soon as possible, as they can revoke the device’s Duo registration (and remote wipe it if it’s a University-owned device that contains sensitive information).

What if I have problems with Duo 2FA?
What do I do if my account is locked because I have not used it for some time?

Please refer to our Duo 2FA Self Help Pages.
Contact the Service Desk.
Talk to your local ICT Consultant.

Where can I find more information?
More information can be found on our Waikato Duo 2FA Self Help page.
There is also a comprehensive set of user guides produced by Duo that explains the process in detail.

Kuhukuhu Self Service Portal Te Kuhukuhu Rārangi - Log Your Own Request

"Kuhukuhu" is our IT Service Catalogue. You can search for and log your own service requests. You can also view the status of your current requests and see the estimated delivery time for them, provide further information by adding notes or attaching files, and view a full history of all previous requests.
For anything urgent you should phone the Service Desk: ext 4008 (838 4008) for assistance.