Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA)

You may have heard or experienced Two-Factor Authentication (2FA) through your interactions with online banking, Gmail, and when logging into Facebook, Paypal, Twitter, and LinkedIn from a new machine. But what exactly is 2FA and why is Montgomery College adopting it?

2FA adds a second level of verification when people log into designated websites and online services. This added layer of security will help to decrease account compromises and identity theft, provide real-time alerts for password protection, and allows you to use your smartphone, cell phone, tablet, or landline phone to easily confirm your login requests. If these methods are not available to you, please call the IT Service Desk. While not as fast as other methods, the IT Service Desk can provide you with a one-time bypass code.

Currently, over 300 higher education institutions have implemented the same two-factor system throughout the nation with Montgomery College joining the security movement. By rolling out 2FA, we are pushing our account security to the next level and protecting the data of the College and our students, faculty and staff.

DON’T DELAY – ENROLL TODAY!new window

 

 

Frequently Asked Questions

Overview

Two-Factor Authentication (2FA) adds a second level of security during the login process to help prevent anyone other than you from accessing systems storing sensitive data. This is accomplished using 2 layers of security to verify your identity when logging into a system:

1. Enter your username (your MyMC ID) with your password
2. Use a physical device such as your cell phone, tablet or landline phone to confirm your identity
The device that is most convenient for this purpose is a cell phone with the Duo Mobile app installed on it. Alternatively, a text message can be sent with a series of one-time passcodes for you to type in or you can receive a phone call.

 

Previously, if you wanted to remotely connect to Montgomery College (MC) resources, such as MyMC, Office 365, or Virtual Private Network (VPN), you would log in with your username and password. When you are enrolled in 2FA, you will be prompted for the 2nd factor when connecting to MyMC, Office 365, or VPN.

MC has decided to implement 2FA in response to multiple recent phishing scams and other vulnerabilities faced by the College and other organizations worldwide. 2FA provides much stronger insurance that information is only accessible to the intended people, and that the systems remain highly available. 2FA will be used in the future by an increasing number of MC services, or by designated users of a given service such as VPN. MC has chosen the vendor Duo for its 2FA needs and you will see the name of this organization when you enroll or log into certain College services.

 2FA is currently only for Montgomery College faculty, staff, and students.

After entering your usual password information, you can authenticate your login through one of the three options:

  • Send me a Push: Recommended! Receive a notification on your phone to approve or deny the authentication using the Duo mobile app
  • Mobile App: Enter a passcode from the Duo mobile app on your phone
  • Text message
  • Previously saved text message
  • Phone Call: Receive a call on your enrolled phone to approve or deny the authentication
     

Follow the steps in the Enrollment Guide (English version) (PDF, Get Adobe Acrobat PDF Reader.-Link opens in new window.)  or Enrollment Guide (Spanish version) (PDF, Get Adobe Acrobat PDF Reader.-Link opens in new window.)  to get your device registered.

No. Duo Mobile cannot read your emails or track your location, it cannot see your browser history, and it requires your permission to send you notifications. Lastly, Duo Mobile cannot remotely wipe your phone.

Although the Duo Mobile app is the most convenient 2nd factor option, you are not required to install it on your device.

Duo Mobile is a very small application, taking up little room on your phone, and it is meant for individual consumer use. It is free, and its use does not result in any charges if you use the push or passcode options from the app itself. You may also receive a phone call or text message, or if you forget your device, you can always call the IT Service Desk for a one-time bypasscode.

No personal data is available to the College by having the Duo Mobile app installed. Through the Duo Management Console, the IT Security staff has visibility into the type of device (mobile phone/landline phone/tablet) registered and the type and version of the operating system installed (Android/iOS).

Duo Mobile only accesses your camera when scanning a QR code during activation.

Duo provides detailed information on what data is collected while using Duo Mobile and how user's may opt-out of their usage analytics.  Review the Duo Mobile Privacy Information and the Duo Services Privacy Noticenew window

Authentication Methods

The following devices can be enrolled with Duo:

iPhone or iPadnew window (using the Duo app from the Apple App Store) 
Androidnew window (using the Duo app from the Google Play Store) 
Other types of cell phones (using a text message or phone call)
Land lines (using a phone call)


TIPS:
Keep in mind that you will need your registered device near you any time you want to login to MyMC, Office 365, VPN or any future applications protected by 2FA.
We strongly recommend setting up at least two devices with Duo in case you are not near the original device you setup in Duo. You can add as many devices as you wish by following the directions.
You will need to authenticate each time you login, unless you check the "Remember me for 7 days" checkbox at the Duo prompt. This will apply to the same application in the same browser.

Manage your Devicesnew window

After entering your usual password information, you can authenticate your login through one of the three options:

  • Send me a Push: Recommended! Receive a notification on your phone to approve or deny the authentication using the Duo mobile app
  • Mobile App: Enter a passcode from the Duo mobile app on your phone
  • Text message
  • Previously saved text message
  • Phone Call: Receive a call on your enrolled phone to approve or deny the authentication 

It’s quicker than a text or a phone call:

  • Authenticating with a text message requires waiting to receive the text, reading a passcode, and then typing it in.
  • Phone calls require actually answering the phone, listening to the recording, and using the dial pad to approve the login.
  • Duo Push is as simple as approving a notification on your smartphone.

It's more secure:

Duo Push uses cutting-edge end-to-end encryption that text messages and phone calls cannot.
The Duo Push screen displays detailed information about the application and source device that initiated the authentication request.
Duo Push allows you to report a fraudulent attempt to access your account.

Yes. In fact, it is recommended that you register more than one phone or device, in case you lose the primary one.

Each time you authenticate to a Duo enabled application, i.e. MyMC, Office 365, or VPN, you will have to authenticate with Duo, however you may select the “Remember me for 7 days” option which will require you to only authenticate once within that 7 day period for the same application and browser.

You can manage your devices by visiting the 2FA websitenew window

To add a new device: Click on “Add a new device”.  In order to add a new device, the service will first need to confirm your identity by authenticating you based on your current settings. Once confirmed you may add a new device.

To choose your default device or authentication method:  Click on “My Settings & Devices” and select your desired options.

You have a few options:

Use an alternative device:
If you enrolled a second device, such as your landline phone at your desk, you can select that alternative device in the dropdown menu  and select the “Call me” option.

Bypass code:
You can call the IT Service Desk and request a one-time bypass code.

Request Passcodes in Advance:
Ideally, in advance of leaving your phone at home, if you set up your mobile phone as a mobile phone in Duo, you can request Passcodes sent to it via text messaging (SMS).  Duo will send 10 one-time use codes in each text message, and they do not expire until used.  To request 10 one-time Passcodes, log in to the montgomerycollege.edu/2fa_enrollchoose, “Enter a passcode”, and select “Text me new codes” in the blue bar that appears.

If a mobile device is lost and was setup for 2FA, it needs to be removed from Duo as soon as possible. Email the IT Security Office for help. 

If you have multiple devices registered, you can remove the lost/stolen device by visiting the 2FA websitenew window.

Click on “Add a New Device” to manage your devices. Keep in mind that even if you have received a replacement phone with the same phone number, the new phone is not synced with Duo just because it has the same phone number. The trust relationship has to be reestablished through the "Add a New Device" process or call the IT Service Desk to "Reactivate Duo mobile" for the new phone at the same number.

Yes, however you must install Duo Mobile on your iPhone first and register it with Duo. Then on your MyWatch app, navigate to the Duo Mobile app setting and set the option "Show App on Apple Watch" to ON. The caveat to this feature is that your iPhone has to be unlocked to receive the message on your Apple Watch. Otherwise, the push notification will go to your phone.

Almost none. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

Troubleshooting and Common Issues

There is a known issue with Microsoft O365 where a user clicks “Sign Out” and the user isn’t signed out. Instead the web browser reloads the current web page, with the authentication happening in the background. 2FA may be invoked as if it is a new session.

To resolve this, there are a few options:

Close your browser. Then reopen and go to O365 to ensure you are no longer logged in.
If you are still logged in, or presented with the 2FA prompt, clear the cookies in your browser and then try signing out again.
If you are still logged in, you may be signed in to another Microsoft online service, and this may be preventing you from signing out. If this is the case, sign out of all Microsoft online services. To do this, follow these steps:
o    Go to https://login.microsoftonline.com/logout.srf, and then sign out (if you aren't already signed out).

o    Go to https://login.live.com/logout.srf, and then sign out (if you aren't already signed out)

Try these easy troubleshooting steps for iOSnew window , Androidnew window , Windows Phonenew window , or BlackBerrynew window.
Still not working? Reactivate Duo Mobilenew window or contact the IT Service Desk.

No problem. Tap the key icon in the Duo Mobile app to generate an authentication passcode. You do not need an internet connection or a cellular signal to generate these passcodes.

You must enroll your new phone in Duo even though you have the same number.

Visit the 2FA websitenew window and click the “My Settings & Devices” link.

You will need to select the “Call Me” option to verify your identity.

Locate your phone number in the list of devices, click the “Device Options” button, and select “Reactivate Duo Mobile.”

Follow the prompts and your new phone will be enrolled with your old phone number. Push notifications should function normally.

If you continue experiencing problems, contact the IT Service Desk.

There are several ways you can still access College resources enabled with Duo when you are traveling or may not have internet access.

Use Passcodes from the Duo app, even without an internet connection.The Duo Mobile app for Android and iOS also works without an internet connection by giving you passcodes. Just tap the key button to generate a passcode. This works anywhere, even in places where you don’t have an internet connection or can’t get cell service.
Send text messages to your phone before you leave.If you set up your mobile phone as a mobile phone in Duo, you can request Passcodes sent to it via text messaging (SMS).  Duo will send 10 one-time use codes in each text message, and they do not expire until used.  To request 10 one-time Passcodes, log in to the montgomerycollege.edu/2fa_enroll choose, “Enter a passcode”, and select “Text me new codes” in the blue bar that appears.
Forward your office phone to your mobile phone.When Duo calls your office phone, the call will be passed along to the phone you forwarded it to and you can authenticate.

You can also use a landline or tablet. Duo lets you link multiple devices to your account, so you can use your mobile phone and a landline, two different mobile devices, etc. If you don’t have a landline or any mobile devices, please contact IT Security for help.

The Duo Mobile App passcode generator works without cell or Internet service.

Travel to countries where phones may be subject to search and seizure, please contact the IT Service Desk new windowfor assistance.

Chrome, Firefox, Safari, Internet Explorer 8 or later, and Opera.

CLASSROOM CONSIDERATIONS For Faculty AND STUDENTS

Carrying the 2nd factor device is required, and supported by the College’s Academic Leadership.

The Duo Mobile app generates a passcode that works without internet or cell service. Use the "Enter a Passcode" option on the Duo prompt.

While students are not required to enroll in Duo, they are encouraged to enroll. Faculty need to make the accommodation to allow mobile phone use for authentication purposes and can require students to put it away for the duration of class.

©