Submit a Help Request (804) 828-2227 | itsc@vcu.edu

 

DUO and CAS Logo

NOTICE: VCU Portal and VCU Google GSuite, including Email, Calendar, and Google Drive are scheduled to use VCU 2Factor Authentication on AUGUST 1, 2017. Blackboard will start using VCU 2Factor Authentication on AUGUST 15, 2017.  

 

In order to safeguard our information from cyber adversaries, VCU is integrating VCU 2Factor Authentication to its Central Authentication Service.

What is VCU 2Factor Authentication?

In the cyber security field, there are three factors that can be used to identify an individual to a computer system. These factors include:

  • Something you know (e.g. a user name, password, answer to a question)

  • Something you have (e.g. a phone, an ID card, or a hardware token)

  • Something you are (e.g. your fingerprint, retina/iris scan, or voice print)

Traditionally, the username and password model rely only on something you know, therefore is considered single factor authentication. The weakness with single factor authentication using something you know is the fact that an adversary can usually find ways to steal this information, thus allowing the adversary to masquerade as the victim. VCU 2Factor Authentication helps to drastically reduce the usefulness of stolen usernames and passwords, as it relies on one or more other factors in proving one’s identity in addition to the username and password.  

Why is VCU Doing This?

The beginning of a sophisticated cyber attack usually starts with a phishing scam. A phishing scam is a social engineering attack that utilizes phone call, email, social media or text message to trick a victim into disclosing information that he or she would normally not disclose. The end goal of phishing scams is usually the theft of login credentials such as usernames and passwords. Armed with the username and password of an individual, a cyber adversary can then masquerade as the victim, steal his or her personal information protected by those credentials, or silently compromise the organization for which the victim works while minimizing the chances of raising an alarm.

 

The implementation of VCU 2Factor Authentication will significantly reduce the likelihood that these stolen accounts can be used by a cyber adversary, as individual identities are verified by not only assigned login credentials, but also something the individual has in his or her possession.

How is This Done?

VCU already deployed its VCU 2Factor Authentication solution to various authentication services, and will continue to integrate the VCU 2Factor Authentication solution with the VCU Central Authentication Service.

For VCU’s deployment of VCU 2Factor Authentication to the Central Authentication Service, VCU will utilize the combination of your eID credentials and a message delivered to your phone using VCU 2Factor Authentication provider.

How Will I Be Affected?

VCU will integrate VCU 2Factor Authentication to all new applications protected by the Central Authentication Service. By default:

  • VCU 2Factor Authentication will be required for all faculty and staff accessing applications protected by the Central Authentication Service (CAS) when logging in from unknown and / or untrusted locations (e.g. off-campus).

  • VCU 2Factor Authentication will be optional for students accessing applications protected by the Central Authentication Service (CAS) when logging in from unknown and / or untrusted locations (e.g. off-campus).

  • Once an individuals signs up for the VCU 2Factor authentication service, the 2factor authentication service will be mandatory for any applications used by the individual.

  • A risk based approach will be taken with the VCU 2Factor Authentication implementation with the Central Authentication Service (CAS).  This means that you will be prompted to authenticate via VCU 2Factor only when logging into CAS protected VCU applications from unknown and / or untrusted locations only (e.g. off-campus).

  • All individuals using VCU 2Factor Authentication with the Central Authentication Service (CAS) will have the option to remember their device for 60 days when logging in from an unknown and / or untrusted locations (e.g. off-campus).

Registering with VCU 2Factor Authentication

Individuals who have never used VCU 2Factor Authentication, will need to watch the video or follow the text instructions below to enroll in the service.

Prefer reading instead of watching the above video? Please click here for the step-by-step instructions on registering your device with the VCU 2Factor authentication system.

Logging into CAS with VCU 2Factor Authentication

Individuals who are already enrolled in VCU 2Factor Authentication,
follow the instructions below to use with the VCU Central Authentication Service.

 

Prefer reading instead of watching the above video? Please click here for the step-by-step instructions on logging in with CAS and VCU 2Factor Authentication

 

Existing applications protected by Central Authentication Service will be migrated in phases to include support for VCU 2Factor Authentication within the next 12 months.

How Long Will the Project Take to Complete?

The migration schedule for all existing applications is listed below. VCU is planning to provide this capability to all CAS protected applications throughout 2017.

Fall 2016 / Winter 2017 - Phase one

The initial implementation phase will focus on small and low impact applications and websites used by specific departments or schools. The implementation time will span across December 2016 to the end of January 2017. Applications such as selected VCU departmental intranet sites, specific online request forms and small scale single function departmental web applications will be migrated through the initial phase. This phase is now complete.

Spring 2017 - Phase two

The second implementation phase will focus on high risk (based on information handled by the applications and sites and accessibility of the applications and sites from the Internet) and medium impact applications. The second implementation phase will focus on medium sized applications that may be used by multiple departments or schools. This phase is now complete.

Summer 2017 - Phase three

The third implementation phase will focus on high risk (based on information handled by the applications and sites and accessibility of the applications and sites from the Internet) and high impact applications. This phase will focus on enterprise applications that may be used by multiple schools or the University. This phase is in progress, migration of large enterprise applications such as Email, Blackboard, and Portal are scheduled to complete in August, 2017.

Fall 2017 - Phase four

The last implementation phase will focus on large enterprise wide applications used across the University. This phase will start by mid-Q4 2017.

Where Can I Find More Information?

For more information, please contact the VCU IT Support Center (itsc@vcu.edu, 828-2227) or VCU Information Security Office at infosec@vcu.edu.

Additional documentation for the VCU 2Factor Authentication initiative can be found at go.vcu.edu/duo.

 

FAQ

Q: If I have a new phone, how do I register and activate the DUO app on my new device?

If your new phone has the same phone number, then all you need to do is to simply login to the DUO Self-Service Portal to invoke VCU 2Factor Authentication.  After logging in with your eID and password, choose the “My Settings and Devices” link from the VCU 2Factor Authentication page.

NOTE: If you immediately receive a message stating that you've successfully logged in, then please open the DUO Self-Service portal in a new session.  This can be done using "Incognito Mode" (Chrome), "Private Browsing" (Firefox and Safari), or "InPrivate" (Edge).


 

You will be prompted to verify your identity. At this stage, simply choose the “Call me” option.

 

 

You will then receive a phone call asking you to press any key to complete your verification. At the next screen, simply click on the “Device Options” button for the device you need to re-activate.

 

 MFA, 2fa, 2factor

 

Next, click on the Reactive DUO Mobile button.

 

 

 

Follow the on-screen instructions to download and activate your new device with the same phone number.

Q: What if I receive a new phone number, how do I add the new phone number to my account?
Q: Can I add other devices in addition to my cell phone to my VCU 2Factor Authentication account?
Q: What if I lost my phone?
Q: Why does the DUO prompt say I'm in another city?
Q: What if I don’t want to install the app?
Q: What if I don’t want to receive SMS text messages?
Q: What if I don’t want to take a phone call?
Q: Am I required to use VCU 2Factor Authentication?
Q: What information is VCU collecting from me with this service?
Q: If I'm a student, how do I skip 2Factor Authentication?
Q: I had a "Skip" button but now it is gone. What happened?
Q: I'm a student, but I never see the "Skip" button, Why?
Q: Why does this application say that VCU 2Factor authentication will be required in 2067 or 2117?
Q: I use a generic account for work, how will it be affected?
Q: How often do I need to use VCU 2Factor Authentication?
Q: Will I need to use VCU 2Factor Authentication system on-campus?
Q: How do I add a YubiKey to my account?