What Is 2-Factor Authentication? - Peoria Medicine

Transcription

WHAT IS 2-FACTOR AUTHENTICATION (2FA)?

2-factor authentication (2FA) is an extra layer of security protection for your sensitive, personal university data.

Something you know (password, PIN, etc.)
Some physical characteristic of the individual (fingerprint, voice, heart rate, etc.)
Some physical object you control (token, key, bank card, etc.)

There was a series of 3 letters that went out to our users.

1 OF 3 EMAILS SENT TO USERS: 2FA AUTHENTICATED

Our records indicate that you have access to Banner Forms and you have authenticated your 2-Factor Authentication (2FA) account. On September 24, 2017, we are implementing two-factor authentication (2FA) for Banner administrative forms for both on and off campus networks. This means, when you login to Banner Forms, you will also need to authenticate with 2FA.

What is 2FA?
Two-factor authentication provides protection for sensitive data by requiring something you know (your NetID and password) and something you have (a hardware token or a mobile device). Without 2FA, the University of Illinois System is at risk of data breaches that could result in financial theft. You can learn more about 2FA with this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id 65937 (login required).

How do I review my 2FA access?
You can review your 2FA access at https://verify.uillinois.edu/. You will need your 2FA token device or your mobile device to review your access. You can learn more about 2FA token devices here: hp. Review of your 2FA access should take less than 5 minutes. You will need to login and verify that your contact information is correct.

For more information on 2FA, go to https://verify.uillinois.edu/. Additional questions concerning the 2FA project can be directed to me, your University Security Officer (UIC - Ed Zawacki, UIS - Clayton Bellot, Urbana - Joe Barnes and System Office - Chris Barton) or the AITS Service Desk - https://www.aits.uillinois.edu/get help.

If you no longer need access to Banner forms, please contact your Unit Security Contact (USC) to have your access removed. You can find your USC here: https://www.aits.uillinois.edu/access/find my usc

Thanks,
Mark Pollard
AITS

1 OF 3 EMAILS SENT TO USERS: 2FA NO AUTHENTICATE

Our records indicate that you have access to Banner Forms, but you have not yet authenticated your 2-Factor Authentication (2FA) account. On September 24, 2017, we are implementing two-factor authentication (2FA) for Banner administrative forms for both on and off campus networks. This means, if you do not authenticate your 2FA account, you will not be able to login to Banner on Monday, September 25.

What is 2FA?
Two-factor authentication provides protection for sensitive data by requiring something you know (your NetID and password) and something you have (a hardware token or a mobile device). Without 2FA, the University of Illinois System is at risk of data breaches that could result in financial theft. You can learn more about 2FA with this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id 65937

How do I authenticate my 2FA account?
You can learn how to authenticate your 2FA account with this KnowledgeBase e.php?id 65941. To authenticate your 2FA account, you will need your 2FA token device or your mobile device. You can learn more about 2FA token devices ens.php. 2FA Authentication should take less than 5 minutes.

For more information on 2FA, go to https://verify.uillinois.edu/. Additional questions concerning the 2FA project can be directed to me, your University Security Officer (UIC - Ed Zawacki, UIS - Clayton Bellot, Urbana - Joe Barnes and System Office - Chris Barton) or the AITS Service Desk - https://www.aits.uillinois.edu/get help

If you no longer need access to Banner forms, please contact your Unit Security Contact (USC) to have your access removed. You can find your USC here: https://www.aits.uillinois.edu/access/find my usc

1 OF 3 EMAILS SENT TO USERS: NO 2FA

Our records indicate that you have access to Banner Forms, but you have not enrolled in 2-Factor Authentication (2FA). On September 24, 2017, we are implementing two-factor authentication (2FA) for Banner administrative forms for both on and off campus networks. This means, if you do not enroll in 2FA, you will not be able to login to Banner on Monday, September 25.

What is 2FA?
Two-factor authentication provides protection for sensitive data by requiring something you know (your NetID and password) and something you have (a hardware token or a mobile device). Without 2FA, the University of Illinois System is at risk of data breaches that could result in financial theft. You can learn more about 2FA with this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id 65937

How do I enroll in 2FA from a University Network?
You can enroll in 2FA at https://verify.uillinois.edu/. You will need your 2FA token device or your mobile device to complete your registration. You can learn more about 2FA token devices here: hp. Enrollment should take less than 5 minutes. If you need some assistance enrolling, you should read the Self Enrollment Guide found in this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id 65947

How do I enroll in 2FA when I am not on a University Network?
You must first call the AITS ServiceDesk at 217-333-3102 (Urbana or Springfield) or 312-996-4806 (Chicago). You will need to tell them that you want an enrollment code to enroll in 2FA. You will have to answer a few questions to verify that you are who you say you are. You will also need your 2FA token device or your mobile device to complete your registration. You can learn more about 2FA token devices here: hp. Once you have both your code and device, you can enroll in 2FA at https://verify.uillinois.edu/.
If you need some assistance enrolling, you should read the Self Enrollment Guide found in this KnowledgeBase article: https://answers.uillinois.edu/internal/page.php?id 65947.

For more information on 2FA, go to https://verify.uillinois.edu/. Additional questions concerning the 2FA project can be directed to me, your University Security Officer (UIC - Ed Zawacki, UIS - Clayton Bellot, Urbana - Joe Barnes and System Office - Chris Barton) or the AITS Service Desk - https://www.aits.uillinois.edu/get help

If you no longer need access to Banner forms, please contact your Unit Security Contact (USC) to have your access removed. You can find your USC here: https://www.aits.uillinois.edu/access/find my usc

HOW DOES 2FA WORK?

With 2FA, you need both “something you know” (NetID/password) along with “something you possess” (hardware token, passcode, phone, or message from a device you have set up with Duo).

When you log in to a system requiring 2FA, you will need to authenticate that it is you with a passcode, phone call or text message on the device you set up with Duo.

WHY TWO-FACTOR AUTHENTICATION

2FA will protect both you and the university from unauthorized access to your personal data stored in the university's enterprise systems.

Two-factor authentication (2FA) is one of the best ways to protect against remote attacks such as phishing, credential exploitation, and other attempts to take over your accounts.

Without your physical device, remote attackers can’t pretend to be you in order to gain unauthorized access to corporate networks, personally identifiable information, electronic protected health information, financial information, etc.

2FA provides a second layer of security to your University account, making it difficult for an unauthorized person to access your information, and provides better account protection.

If your password is stolen or compromised, having 2FA set up will require the thief to also have possession of your registered device in order to access your account.

WHAT SYSTEM IS USED FOR 2FA?

The University of Illinois has selected Duo, an industry leader in cyber security services, to provide 2-factor authentication (2FA) services. It is a cloud based service that will help secure your account and the University’s sensitive data. The initiative for using 2FA at the University has been branded UI Verify.

WHEN DO I NEED TO USE 2FA?

Duo authentication will be required for applications: NESSIE Banner Forms Direct Deposit PARIS W-4 Benefits and Earning statements W-2/1042-S Tax Statement EIF Loan Default TDRP LTD Civil Service Appointment Information Employment Verification NOA Transit Benefit Child Tuition Waiver Employee Tuition Waiver Shared Benefits ANCRA Training HRFE Any University Sensitive Data NetID and Password Changes

2FA is now required for all users accessing Nessie Direct Deposit or if you are accessing any University sensitive data.

Now that University direct deposit and W2 are protected, where will attackers turn next?

REMINDER - CURRENTLY WHEN YOU LOGIN TO BANNER FORMS YOU WILL SEE THIS MESSAGE

USING 2-FACTOR AUTHENTICATION (2FA)

With UI Verify, to log in to University systems you will need two pieces of information: your NetID password, PLUS a generated code or message from a device that you have set up as your second factor.

You have several options for your 2FA device:
Install the DUO Security application on your personal smartphone.
Use a non-University phone to receive texts or calls with a code.
Use a University hardware token to generate a code, which can be purchased through the WebStore by your department.

HOW TO GET STARTED

Go to: verify.uillinois.edu

CIS has posted instructions and tutorial videos on our website (http://peoria.medicine.uic.edu/cis/2fa/) to help users understand the enrollment process and how to authenticate using 2FA.

Users will see this page after going to verify.uillinois.edu. We recommend that you click on "Get Started", but you will still be prompted to select your Chicago Campus Site, and then a login screen will appear for you to log in.

You will either 1st see the option box to pick the UIC campus or, if you have already enrolled, you will go straight to this screen to input your username and password.

After logging in you will be sent to this screen where you can click on “My Settings & Devices”

If you’re set up and you click on “call me”, it will send a message to your personal device and then it will ask you to enter a number if you generated the call; otherwise, hang up.

If you are not set up, you can view a short video for instructions on how to enroll.

If you are enrolled in 2FA and you have followed the instructions from the phone call that you received on your personal device, you will see the screenshot on your PC.

So if your authentication was successful, you can log out and you are done.

If you need to enroll an additional device or purchase a token or choose to add the mobile app, there are more steps to take.

2FA – Self Enrollment Process

1. For your 1st visit, go to the UI-Verify site: https://verify.uillinois.edu
2. Click the Get Started button, choose your campus and log in with your NetID and Password.
3. Next click on Start Setup and choose what kind of device you want to enroll. On the UI Verify: Managing Devices Screen, you will select your device. When registering a landline or mobile phone you will need to confirm your non-university phone number.
4. The next step will ask you what type of device it is and then it will ask you to download the Duo Mobile app.
5. CIS has listed a short video of the process on their Website at http://peoria.medicine.uic.edu/cis/2fa/

If you see the screen below, you already have a phone number enrolled in Duo. This may happen automatically if you have a phone number registered as a password manager recovery option, or in the campus emergency alert system. To register your smartphone or add another device, click Add a new device.

You may want to add another device if you worry about losing your 1st device that is set up as your default device. The next slides will help you do that.

2FA - ADDING A DEVICE TO DUO

We recommend:
Adding a mobile phone as your primary device. This will allow you to use the Duo Mobile app for the best experience.
Adding at least two devices. If you have only one device defined and it is lost or disabled, you will not be able to access the system.

After clicking Add a new device, choose the type of device you are adding.

IF ENROLLING A PHONE, ENTER YOUR PHONE NUMBER, VERIFY THAT IT IS CORRECT, AND THEN CLICK CONTINUE.

For simple voice or text message verification, choose Other as your phone type. Otherwise, to use the Duo Mobile app on your device, choose your device manufacturer. Then click Continue.

IF YOU HAVE NOT INSTALLED THE DUO MOBILE FOR YOUR DEVICE, DO IT NOW. OTHERWISE, CLICK THE I HAVE DUO MOBILE INSTALLED BUTTON. (THE APP CAN BE FOUND THROUGH THE APP STORE FOR APPLE PRODUCTS AND THROUGH THE PLAY STORE FOR ANDROID PRODUCTS.)

In your device’s app store, search for Duo Mobile. The mobile app will look like what is shown below.

1. Download the app.
2. Launch the Duo Mobile app.
3. If the Duo Mobile app requests permission to send you notifications, we recommend allowing this.
4. You may need to Accept the License Agreement before continuing for the first time.

We recommend you use a smartphone as a primary 2FA device. The Duo Mobile App allows you to approve your connections at any time with just a swipe and a click of your phone.

A QR CODE WILL APPEAR FOR USE TO CONNECT YOUR DEVICE TO DUO. THE NEXT STEP WILL BE TO ADD AN ACCOUNT THROUGH THE APP AND ALLOW IT TO USE YOUR CAMERA TO SCAN THE ACTIVATION CODE ON THE SCREEN. IF YOU DON’T WANT TO USE YOUR CAMERA, YOU CAN HAVE IT EMAILED TO YOU.

ANOTHER OPTION IS USING 2FA TOKENS

Hardware tokens are small, portable devices that you can use to generate an authorization code. Tokens are a good choice if you cannot or do not want to use your personal device for 2FA. Your dept. can purchase one of two University-approved devices from the University Webstore:

The OTP C100 token ($10) is a small device that can be attached to a keyring. It has a single button that you press to generate a passcode that you can manually enter into the 2FA screen when prompted.
The Yubikey ($35) is a small USB device that you insert into your computer. You can click a button on the token to generate and automatically enter a code into your 2FA screen.

Using tokens
Once you've obtained your token, connect your device with your UI Verify account by registering your device's ID number. Follow the instructions provided with your token to find the registration number.

TOKENS THAT CAN BE PURCHASED THROUGH THE WEBSTORE (DEPT. PURCHASE FOR UNIVERSITY PROPERTY)

University 2FA OTP Token, $10.00 (prices may change)
Two Factor Authentication (2FA) OTP token is a University approved device that is programmed to work with the University’s 2FA solution and used in combination with your username/password to prove your identity.

University 2FA YubiKey Token, $35.00 (prices may change)
A 2 Factor Authentication (2FA) YubiKey token is a University approved USB device that is programmed to work with the University’s 2FA solution and used in combination with your username/password to prove your identity.

How to Associate with your University Identity
Once a token is purchased, and before it can be used with 2FA, it must be associated with a University identity. To learn how to associate a token to your identity refer n

“HOW WILL I DO MY JOB IF I FORGET MY PHONE OR TOKEN AT HOME?”

Temporary Codes
Option 1: Call Service Desk to request a temporary code
Option 2: Temporary Codes via email (must set up non-University email address in advance)
Limit 12 temporary codes per person per calendar year

For Assistance:
Chicago: (312) 413-0003 or consult@uic.edu
Springfield: (217) 206-6000
Urbana: (217) 244-7000
System Offices: (217) 333-3102
