GHC Sites > Information Technology > Multi-Factor Authentication (Duo)

Multi-Factor Authentication (Duo)

Securing Our Systems and Information Technology Resources

Securing information and information systems remains a core responsibility of the University System of Georgia (USG) and all USG institutions. Georgia Highlands College maintains information that we have both a legal and ethical responsibility to protect. Our information security program has determined that systems relying solely on a password for authentication are inherently insecure and at risk of compromise. To mitigate this risk, GHC requires Multi-Factor Authentication (MFA) for employee and student Single Sign-On (SSO) accounts. Other forms of user accounts may also require MFA authentication.
 
Contact Information Technology (IT) if you encounter an issue or device problem that is not addressed within this guide. You can email rt@highlands.edu to automatically create a help ticket or call our IT Help Desk at 706-295-6775 for an urgent issue.


Multi-Factor Authentication versus Two-Factor Authentication

Multi-factor authentication requires a user to present two or more forms of information (or evidence) in order to access a system or service. Two-factor authentication (2FA) adds a second layer of security to your account by requiring something in addition to your password. Verifying your identity using a second factor (like your phone, other mobile device, U2F security key) prevents others from gaining access to your account and confidential data, as they will not have access to your second form of authentication.

 

Why use Two-Factor Authentication?

Passwords are constantly compromised. They are often stolen or guessed and, in many cases, victims of a password compromise may not be aware that their account is being accessed. Two-factor authentication helps protect your accounts from unauthorized access in the event your username and password become compromised. Even if these credentials were guessed or stolen, the hacker would not be able to gain access without authorization using your second factor authentication method.

 

Why use Duo?

Duo is a tool that provides two-factor authentication. Georgia Highlands College chose Duo as our two-factor authentication provider based on the capabilities and flexibility included with the Duo software. Several other USG institutions have also selected this vendor – thus providing all schools a negotiated contract site license rate. Our Duo implementation allows the use of mobile phones (via app, SMS, or phone call), tablets, traditional “landline” phones, Duo authenticator hardware tokens, or U2F security keys to verify your identity after you’ve entered your username and password.

 

How Does it Work?

Three steps to stronger authentication

  1. Enter username and password as usual
  2. Use your phone to verify your identity
  3. Securely logged in

Once you’ve enrolled in Duo the first time, you will be ready to access a system quickly: You’ll login as usual with your username and password credentials, and then use your device to verify that it’s you. There are several methods for signing up the first time. Duo also lets you link multiple devices to your account, so you can use your mobile phone and a landline, a landline and a U2F security key, two different mobile devices, and etc.

 

How Does this Affect Me?

  • All employees are required to utilize Duo in order to access SSO services and secure institution systems.
  • Students are required to utilize Duo in order to access SSO services effective July 31st, 2020.
  • Multi-factor authentication is a requirement for all institutions within the University System of Georgia (USG).
  • Employees and students may choose to receive a phone call or text message code.
  • Two types of physical devices can also be used with Duo.
    • A supported Universal 2nd Factor (U2F) security key.
      • Yubico YubiKey Security Key, 4, 5, and newer
      • Google Titan USB Security Key
      • Feitian ePass NFC
      • HyperFIDO Mini U2F Security Key
    • [Employees only] Duo Authenticator. If an employee is unable or unwilling to use a personally owned device for MFA, cannot legitimately use their desk phone because of their job requirements, or other specific, legitimate operational circumstance, then a hardware token request form can be completed for the use of a GHC-provided hardware token.  This form must also be signed by the employee’s supervisor and submitted to IT. Duo Authenticators are available on a limited basis.

 

Note: U2F security keys may offered limited compatibility with specific devices or applications.