Two-Factor Authentication at NC State

Enrolling in 2FA takes 10 minutes and keeps you and NC State secure.

Learn More

New to 2FA? Not sure what it is, how to enroll in it, and what it means for campus? Learn more about NC State’s two-factor services and supported devices.

Learn More About 2FA

 

Your UIA Questions

User Identification and Authentication (UIA) is an online verification procedure used by the Help Desk to identify NC State users and verify who they are over the phone.

Set User Identification and Authentication (UIA)

 

Duo for Shibboleth

Duo Security adds Two-Factor Authentication to services at NC State that use Shibboleth, like MyPack Portal and WolfWare.

Get Started with Duo

 

Google 2-Step

Google 2-Step adds Two-Factor Authentication for an extra layer of security for your Google account, including Gmail and Google Drive.

Get Started with Google 2-Step

 

Need Help?

2FA training workshops are scheduled across campus, and the NC State Help Desk can help you if anything goes wrong.

Frequently Asked Questions 2FA Training & Help

About 2FA at NC State

Learn more about how we use 2FA and how it keeps us safe.

Don’t be confused by its many names — multifactor authentication, two-factor, or 2-step verification — just think of it as another layer of protection for your most vital accounts. When you activate two-factor authentication, you will be required to log in with both your password and an additional security measure, such as:

  • a code delivered via text, voice call or mobile app
  • a USB security key
  • a printed backup code
  • a push (or pop-up) notification on your smartphone.

Two-Factor at NC State

At NC State University, we have two services that provide multifactor authentication to the most vital resources on campus.

  • We use Google 2-Step to protect our Google services, like email and everything stored in Google Drive.
  • We use Duo to protect services that use our Shibboleth login services. Shibboleth may not be a name you know, but you use it to log in to services like MyPackPortal, WolfWare, and library resources.

Enroll in both Google 2-Step and Duo to protect yourself and the Pack.

All faculty and staff (including student and no-pay employees) will be required to enroll in 2FA by October 31, 2017 and were notified by email on March 2, 2017. But why wait? Enroll now to keep your account secure!

Google 2-StepDuo Security

 

Why Use Two-Factor?

  • The university receives about one million email messages daily. Fifty percent are either spam or phishing scams. On a monthly basis, more than 200 people in our university community fall for a phishing email, and 150 accounts are disabled due to compromised credentials.
  • It is estimated that 45 percent of users will fall victim to a well-crafted phishing email, and 63 percent of confirmed data breaches leverage weak, default or stolen credentials.
  • When your Unity credentials are compromised, criminals have access to everything stored in your Google account, including Google Drive, and sensitive data stored in the MyPack Portal, including W-2 Forms and payroll, billing and account information.
  • Up to 98 percent of email breaches can be prevented by two-factor authentication.
  • NC State must employ 2FA to be compliant with different state and local policies, such as NIST 800-171, PCI DSS and ISO 27002.
  • Research is becoming our highest regulated data, requiring controls like encryption and two-factor authentication for grant acceptance.

Two-Factor Benefits

The main benefit of activating Two-Factor Authentication is a significant increase in protection of your account from hackers. Here’s how that happens:

  • Two-Factor adds an extra barrier between your personal information and the bad guys. To access your account, they would need to know your username and password as well as a security code.
  • Two-Factor can help keep attackers from accessing your email, documents, payroll, personal information, or research data.
  • Two-Factor requires a unique security code each time your account is accessed on an untrusted device, application or web browser.
  • If you receive a security code or push notification when you are not trying to log in to your account, you’ll immediately know that someone else is trying to. That means you should change your password!

 

Ways to Get Codes, at a Glance

Technology Google Logo

Google 2-Step

Duo Logo

Duo

Voice Call Yes, this feature is supported No, this feature is not supported
SMS Text Message Yes, this feature is supported Yes, this feature is supported
Smartphone Push Yes, this feature is supported Yes, this feature is supported
USB Security Key Yes, this feature is supported Yes, this feature is supported
Printed Backup Codes Yes, this feature is supported No, this feature is not supported
App-Generated Codes Yes, this feature is supported Yes, this feature is supported