Two-Factor Authentication

 

What is two-factor authentication?

Most of us use it every time we withdraw funds from an automated teller machine. The two factors required for an ATM transaction are the person’s personal ID number (something the person knows) and the ATM card (something the person possesses).

The  myUTSA ID+  initiative refers to the two-factor authentication system here at UTSA, where the two factors are your UTSA ID passphase plus a mobile device, such as a smartphone or tablet.  For users unable to use mobile devices, alternatives are available.

This short video below is designed to help you understand the log-on process using two-factor authentication. The video is provided by Duo, the software vendor that powers two-factor authentication at UTSA.

 

How do I enable my mobile device to gain myUTSA ID+ protection?

myUTSA ID+ protection is powered by Duo software, which can be downloaded from all major mobile device app stores, including Apple App Store and Google Play. Installing the Duo app will be as easy as other apps you may have downloaded to your mobile device.

If you would like to get started with myUTSA ID+ now, please register your device on the UTSA Passphrase Portal.

Information on first-time enrollment is available here.

 

 

 

What are the benefits of using myUTSA ID+?

  • Greater protection of UTSA systems.
  • Reduced risk of criminals using your myUTSA ID+ account to perform harmful activities.
  • Compatibility with a wide variety of mobile devices.
  • Multiple log-on options even when wireless signal is weak or you are traveling.
  • Compliant with UT System requirements.

To better understand whether you will be eligible for the additional protection offered by myUTSA ID+ , please see the table and frequently asked questions below and contact OITConnect if you have questions.

The systems designated for myUTSA ID+ are currently being tested. Affected users will receive additional notification before changes become active.

Following is a breakdown of which systems will and will not receive myUTSA ID+ configuration.

                                                                     
 

System myUTSA ID (Current System) myUTSA ID+
VPN Remote Access GreenCheckmark.png
ASAP GreenCheckmark.png
UT Share PeopleSoft GreenCheckmark.png
Blackboard Learn GreenCheckmark.png  
Log into Desktop Computer in the Office GreenCheckmark.png
AirRowdy Wireless GreenCheckmark.png
Office 365 Suite

GreenCheckmark.png

Digital Measures

GreenCheckmark.png 
Library Applications GreenCheckmark.png

 

Do I have to use a mobile device to gain myUTSA ID+  protection?

myUTSA ID+  protection is powered by Duo software. Duo offers several methods to protect your information, including a mobile device app, SMS text message, and voice phone call options. UTSA users will not be required to own a mobile device to enjoy myUTSA ID+ protection, but this is the most convenient option and the one that most users preferred in tests.

An alternative to a mobile device could be a hardware token -- a small device the same size as a USB thumb drive. Users who wish to use a hardware token would have to have this token plugged into their laptop or desktop in order to use any myUTSA ID+ enabled services. Newer versions of the hardware tokens support Near Field Communication (NFC), whereby they work by simply being in close proximity to the device. These tokens will therefore provide two factor authentication on mobile devices without being plugged into the device. Hardware tokens must be purchased by the end user or the department and will not be provided by OIT.

For more information about hardware tokens, please click here.

Do I have to use my personally owned mobile device?

UTSA users are not required to have a mobile device to get myUTSA ID+ protection, but this is the most convenient option which most users preferred in tests. Today, many UTSA users already check work email from a personally owned mobile device. Just as email can use a portion of your data plan, using the Duo software will consume data, though it will be relatively small portion. Users who are not comfortable using a personally owned mobile device will have other options, such as a small hardware device that attaches to a keychain. UTSA users using email, Duo, or both from a mobile device must enable a screen lockout password to protect the device if lost or stolen.

Does UTSA gain control of my personally owned mobile device if I participate in myUTSA ID+?

The myUTSA ID+ initiative is powered by Duo software developed and published by a contracted third party. By installing the application on your mobile device, you do not provide UTSA with any additional ability to access your device or monitor your personal activity. Though most users prefer the convenience of the installed application, Duo offers several other methods including SMS text message, and voice phone call options.

Can DUO be used with online services at other organizations?

There are other organizations that are using Duo software for two-factor protection and their websites are also compatible with the single Duo application on your mobile device. Duo protection is currently available for Facebook, Google, and Amazon Web Services.

When will I be required to sign up for myUTSA ID+?

As of November 2018, all Office365 applications (Outlook, OneDrive, SharePoint, etc.) will require two-factor authentication. Faculty and staff will not be able to access their email from off campus unless they authenticate using myUTSA ID+. All faculty and staff are required to sign up for myUTSA ID+.

Will I be required to use two-factor Authentication on campus when logging into a UTSA system protected by myUTSA ID+?

When attempting to connect to a system protected by myUTSA ID+ from on campus, you should not normally be prompted for Two Factor Authentication. myUTSA ID+ will detect that you are connecting from a trusted network and should allow you to login without requiring  your second factor.

An exception to this requirement would be if you are physically on campus but using the data plan on your mobile phone (you are not connected to Air Rowdy). In that instance, your phone would be seen by Duo as coming from your mobile provider’s network and not UTSA. If you were to authenticate on your phone to an application protected by myUTSA ID+, then you would be asked to provide the myUTSA ID+ second factor.

What happens if I am using the VPN to authenticate into a UTSA system protected by myUTSA ID+?

The VPN is a special case. Once you are using the VPN, network traffic that is intended for UTSA on campus destinations is routed through the VPN tunnel, but traffic intended for other destinations such as cloud services like Office365, UTShare (PeopleSoft), and Duo Security does not go through UTSA’s network. In this case, you are connected to UTSA, but myUTSA ID+ still considers you to be off campus in terms of protecting your account and will ask you to provide your second factor when authenticating.

An exception to this requirement would be if you are physically on campus but using the data plan on your mobile phone (you are not connected to Air Rowdy). In that instance, your phone would be seen by Duo as coming from your mobile provider’s network and not UTSA. If you were to authenticate on your phone to an application protected by myUTSA ID+, then you would be asked to provide the myUTSA ID+ second factor.

What happens if my mobile device prompts me and I am not trying to log into a UTSA system protected by myUTSA ID+?

When you attempt to connect to a system protected by myUTSA ID+, you will be prompted on your mobile device, which serves as your second factor. If you receive an unexpected prompt although you have not attempted to log in to a UTSA application, this is an indication that the myUTSA ID+ platform has successfully worked to protect your account. You should report such unexpected mobile device prompts to the Office of Information Security.

<< Back