1. K-State home
  2. »Information Technology Services
  3. »IT Security
  4. »Protect yourself online
  5. »Two-factor authentication pilot

Information Technology Services

Two-factor authentication pilot

K-Staters personal data and research are at risk now more than ever. With so much personal and institutional information to safeguard, Information Technology Services (ITS) has been researching the use of a two-factor authentication system, which uses two steps to identify individuals who access K-State's systems.

 

A small pilot within ITS and Human Capital Services began in December 2017 using Duo Mobile. With two-factor authentication, K-Staters will enter their eID and password as the first method of authentication. The second method provides a randomly generated passcode that only that person has access to or a notification that’s sent to his or her mobile or landline phone. The two-factor authentication provides an extra layer of protection to accounts, databases and servers.

Results of the expanded pilot will be assessed by the project team and presented to ITS leadership in the spring. Determination on how to proceeded will be made at that time.

Pilot enrollment

Duo provides step-by-step help guides. The following guides are helpful during the pilot phase:

At this time, the Duo pilot is only available to a controlled group. Later this spring, the pilot will be expanded for other users. 

FAQs

Why is push the best authentication method?

  • It’s quicker than a text or a phone call.
    • Authenticating with a text message requires waiting to receive the text, reading a passcode, and then typing it in.
    • Phone calls require actually answering the phone, listening to the recording, and using the dial pad to approve the login.
    • Duo Push is as simple as approving a notification on your smartphone.
  • It’s more secure
    • Duo Push uses cutting-edge end-to-end encryption that SMS and phone calls can’t.
    • The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.

How much data does a Duo Push use?

Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

Does installing the Duo Mobile app give up control of my phone?

No. Duo Mobile has no more access or visibility into your phone than any other app. Duo Mobile cannot read your emails or track your location, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone.

Why does the Duo Mobile app need to access my camera?

Duo Mobile only accesses your camera when scanning a QR code during activation.

What if I don’t have a wireless connection or cellular reception?

No problem. Tap the key (iOS) or pin (Android) icon in the Duo Mobile app to generate an authentication passcode. You do not need an internet connection or a cellular signal to generate these passcodes.

What if my push alerts aren’t coming through?

Try these easy troubleshooting steps for iOS, Android, Windows Phone, or BlackBerry. Still not working? You will need to Reactivate Duo Mobile.