Two-Factor Authentication (2FA) at NC State
Enrolling in 2FA takes 10 minutes and keeps both you and NC State secure.
Duo SecurityGet Started with Duo/Manage Settings
Google 2-StepGet Started with Google 2-Step/Manage Settings
About 2FA at NC State
Learn more about how we use 2FA and how it keeps us safe.
Don’t be confused by its many names — multi-factor authentication, two-factor, or 2-step verification. Just think of it as another layer of protection for your most vital accounts. When you activate two-factor authentication, you will be required to log in with both your password and an additional security measure, such as one of these:
- code delivered via text, voice call or mobile app
- USB security key
- printed backup code
- push (or pop-up) notification on your smartphone.
Two-Factor at NC State
At NC State University, we have two services that provide multi-factor authentication to the most vital campus resources.
- Google 2-Step protects our Google services; e.g., email, files stored in Google Drive.
- Duo protects other NC State services; e.g., MyPack Portal, WolfWare, Office365.
- All employees are required to enroll in both Google 2-Step and Duo Security.
- This includes all faculty, staff, student employees, no-pay employees, and retirees.
- New employees have 30 days to enroll in both two-factor services. They can learn more about this requirement by referencing the Onboarding Center New Hire Checklist or HR email communications or by contacting their manager.
Why Use Two-Factor?
- The university receives about one million email messages daily. Fifty percent are either spam or phishing scams.
- On a monthly basis:
- more than 200 people in our university community fall for a phishing email, and
- 150 accounts are disabled due to compromised credentials.
- It is estimated that:
- 45 percent of users will fall victim to a well-crafted phishing email, and
- 63 percent of confirmed data breaches leverage weak, default or stolen credentials.
- When your Unity credentials are compromised, criminals have access to:
- everything stored in your Google account, including Google Drive, and
- your sensitive data stored in the MyPack Portal, including W-2 Forms and payroll, billing and account information.
- Up to 98 percent of email breaches can be prevented by two-factor authentication.
- NC State must employ 2FA to be compliant with
- various state and local policies and
- standards such as NIST 800-171, PCI DSS and ISO 27002.
- Research data is becoming our most highly regulated area, requiring controls such as encryption and two-factor authentication for grant acceptance.
The main benefit of enrolling in two-factor authentication is a significant increase in protection of your account from hackers.
Here’s how that that protection works:
- Two-factor adds an extra barrier between your personal information and the bad guys. To access your account, they would need to know not only your username and password but also a security code.
- Two-factor can help keep attackers from accessing your email, documents, payroll, personal information, or research data.
- Two-factor requires additional verification each time your account is accessed on an untrusted device, application or web browser.
- If you receive a security code or push notification when you are not logging in to your account, you’ll immediately know that someone else is trying to access your account. That means you should change your password!
Ways to Authenticate, at a Glance
|Voice Call||Yes, this feature is supported||No, this feature is not supported|
|SMS Text Message||Yes, this feature is supported||Yes, this feature is supported|
|Smartphone Push||Yes, this feature is supported||Yes, this feature is supported|
|USB Security Key||Yes, this feature is supported||Yes, this feature is supported|
|Printed Backup Codes||Yes, this feature is supported||No, this feature is not supported|
|App-Generated Codes||Yes, this feature is supported||Yes, this feature is supported|