The drive to provide additional protection to everyone on campus was spurred on by a hacking attack that occurred during the Thanksgiving weekend in 2014 which culminated in some employees having their identities, and in some cases paychecks, stolen from TechWorks. After a thorough investigation, the FBI and Tech's Cyber Security team strongly recommended implementing two-factor authentication to better protect Tech’s assets and service.
Two-factor authentication (2FA) is Georgia Tech’s effort to further secure our network application data, intellectual property, and user accounts by requiring a second level of authentication when accessing Georgia Tech network resources. The upgraded CAS service will continue to offer a first layer of security when you enter your username and password but will now also support two-factor authentication when accessing Georgia Tech applications. The two-factor authentication service from DUO will provide the second level of authentication.
FREQUENTLY ASKED QUESTIONS
Q: What do I need to do?
To enroll, you should contact the TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc) to schedule an appointment.
Q: When is it happening?
Duo enrollments are already underway. On January 23, 2017, two-factor authentication became required of all faculty and staff when accessing campus services and systems that use CAS logins (e.g. Techworks, Passport, Office 365). 2FA will be required for tech temps and affiliates on May 1, 2017. A deadline has not yet been set for students or student employees.
On March 1, 2017, Duo two-factor authentication became a requirement for VPN access for those enrolled. Additional information is available here.
Q: What if I lose or forget my phone?
TSO recommends that all users have a backup plan in place. Once you're enrolled and the change pushes out, you can add additional phones (e.g. office & or home landline, personal cell) and print out single-use backup codes through Passport. And if you manage to forget all those at home, the TSO Help Desk, the TSC, or even your coworker who's Duo enrolled can all issue you a 24-hour multi-use emergency code (note that issuing an emergency code will nullify your existing backup codes, so they'll need to be replaced after you get back in).
Q: What about hardware tokens?
The TSO Help Desk has a limited number of tokens to give out or loan for College faculty or staff who need a portable method of authenticating through Duo, can't use a mobile phone, and will quickly exceed the number of printed backup codes (for example, those without a mobile phone or those travelling to destinations where they can't or don't want to take their phone). They're also available through the TSC's loaner program for those travelling.
TSO only recommends hardware tokens for those who need them and will use them frequently. After several days to a few weeks, the time will drift too far on the token, rendering it unable to authenticate through Duo until it's removed and readded to a person's account. In addition, the token can get "out of sync" if the button is pressed too many times in a row and the generated passcodes aren't used for login. In some cases, this can happen by accident if the token is stored next to other objects in a pocket, backpack, etc.
Q: How much data does Duo use?
Entering a passcode doesn't use any data. Each push uses about 2K of data. Phone calls should last less than 1 minute apiece.
Q: What about retirees and other former employees/students?
Guidance for those no longer actively employed or enrolled is being developed and will be posted to OIT's Two-Factor Authentication site.
Q: Can I enroll another user in Duo?
If you've been enrolled in Duo, YES! Please see this HowTo for guidance.
Q: How do I issue a Duo emergency rescue code for another user?
TSO has a HowTo. The TSC and the TSO Help Desk are also available to issue emergency codes.
Q. I have a question that hasn't been answered here. Who do I ask?
In addition to this FAQ, OIT also maintains a listing of Frequently Asked Questions. There are also a couple of handouts here and here that may answer your question. If it's not answered there either, please see the next question.
Q: Who can I contact for questions or send feedback?