Multi-factor authentication
What is Multi-Factor Authentication?
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
What is DUO?
Duo is a two-factor authentication system/app that can be integrated with websites, VPNs and cloud services. The service can be set to work in conjunction with smartphones, personal computers, landlines and security tokens.
Download DUO from one of the two options:
SET UP INSTRUCTIONS FOR OHP STAFF
Step 1 - Installing Duo Mobile
Install the Duo Mobile app. Note that the icon for Duo Mobile in the App or Play Store displays the Duo logo with a green background.
Note: Do not select the Google Duo app (by Google LLC) for making video calls.
The app requires the following permissions to work appropriately:
Allow notifications for the use of Duo Push or Passcodes
Allow access to the camera, as you will need to scan a QR Code to complete enrollment.
Step 2 - Starting on your Computer or Laptop
Starting on your laptop or computer, and using Google Chrome or your preferred browser, log into your OHP email account and open the email from Duo Security (no-reply@duosecurity.com) inviting you to set up your Duo account. Click the blue link in this email to begin the enrollment process.
Click through the information screens on the page.
Skip the Duo Device Health Screen.
Step 3 - Duo Mobile app and Duo Push notifications or Passcodes
The OHP Tech Department recommends your initial method to be a mobile device that uses the Duo Mobile app and Duo Push notifications or Passcodes.
Next, you may enter your phone number if you are using your phone, or you may select [I have a tablet] if you are using an iPad.
Touch ID (macOS with Chrome) may be selected as a secondary option. You will have a chance to make a secondary selection later.
For OHP staff members who do not have a district-assigned device and are not able to use their smartphone, the tech department will assist with security key fob setup. Please contact helpdesk@ohiohipoint.com for guided assistance and issuance of a security key fob.
Step 4 - Mobile Device Set Up
When you are sure the Duo Mobile app has been installed on your phone or tablet, click Next.
Step 5 - Use QR Code
Choose "Use QR code." A QR code should appear on your computer screen.
Now, open the Duo Mobile app on your device. Be sure to allow notifications and access to the camera.
Choose "Set Up Account"
On the "Link your Account" screen, choose "Use a QR Code"
Use your phone or tablet to scan the QR code on the computer screen
On the "Name your Account" screen, tap "Next"
Step 6 - Your Account
The account "Ohio Hi-Point Career Center" should populate the account name field automatically. You will want to change this. Change this to your first and last name (e.g., John Doe), then hit "Save."
Step 7 - How to know if MFA is turned on
Hit "Skip" on the "Account Linked" screen. Do not "Practice now."
On the "Almost There" screen, tap "OK" and go back to your computer and try to sign in again. You may have to log out and log back into your computer multiple times for the sync to finish.
Here's what you should see when MFA is turned on for you:
On your computer, when signing into Windows, you should see the following screen:
If you do not see this screen, you may have to reboot your machine a few times for this screen to show up.
On your phone/tablet, in the Duo Mobile app, you should see the following screen:
Note: If you use Duo already (for another organization or university, etc.), you simply need to add OHP as an account. To do this, go through the above steps 1-5, then open the Duo app on your mobile device, tap Add+ in the top right, and then tap Use QR Code. Proceed to scan the code on your computer and follow the steps to complete the setup process.
Multi-Factor Authentication FAQ
What is MFA?
A. Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. Typical factors could include something you know (like a password), something you have (like a phone), or something you are (like your fingerprint).
B. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the physical space, device, network, or database.
Why do we have to do MFA?
1. Unfortunately, 88 percent of all data breaches are caused by an employee mistake, and the most common issue is that the user gives up their username/password through some type of interaction with a hacker:
Phishing – logging into a page that is not actually the authentic site.
Writing their username and/or password down.
Giving their username and/or password to someone else.
Multi-factor authentication places a second method of authentication in place to keep the hacker from getting into district systems.
2. Hackers use a variety of tools to monitor, collect and steal user passwords, making it the easiest way to gain access to computer systems. Adding MFA puts up a second barrier to keep hackers out of your accounts/systems.
What MFA options exist for staff users?
A. MFA options for Staff with a district device
iPad – Duo app Push notification or Code
Smartphone – Duo app Push notification or Code
Biometric on laptop – fingerprint reader
If Staff only get a laptop without a fingerprint reader, they will need to use their smartphone or key fob.
B. MFA options for Staff without a district device
Smartphone – Duo app Push notification or Code
Duo key fob (if they don’t want to use their phone)
What will MFA affect and how often do I have to do MFA?
Every time you sign into your machine, and after 30 minutes of idle time on your machine, you will be required to authenticate with the Duo Mobile app when you attempt to sign in again.
Can I set up MFA on my desktop in my office?
No, MFA needs to be on one of the choices above. The Duo app doesn’t work on the desktop. In addition, since you can’t take your desktop with you, you wouldn’t be able to get into email in any other location, school, computer, etc.
Rollout Timeline
This is a list of the critical dates for the rollout and application of Multi-factor Authentication.