Securing Our Systems and Information Technology Resources
Securing information and information systems is an important responsibility of the University System of Georgia (USG) and all USG institutions. The Information Security Program at Georgia Highlands College (GHC), in consultation with the USG Department of Cybersecurity, has determined that systems relying solely on a username and password for authentication are increasingly at risk of compromise from social engineering attacks and poor password hygiene. In order to mitigate this risk, GHC requires multi-factor authentication (MFA) for employee and student single sign-on (SSO) accounts. Other forms of user accounts may also require MFA authentication.
MFA & DUO FAQs
Passwords are constantly compromised. They are often stolen or guessed using information found online. In many cases, victims of a password compromise may not be aware that their account is being accessed. Multi-factor authentication helps protect your accounts from unauthorized access in the event your username and password become compromised. Even if these credentials were guessed or stolen, the hacker would not be able to gain access without authorization using your second factor authentication method.
Duo Security is a service that provides multi-factor authentication for SSO accounts. Georgia Highlands College chose Duo Security as our multi-factor authentication provider based on the capabilities and flexibility included with the free Duo Mobile app for phones and tablets.
- Enter username and password as usual
- Use your phone to verify your identity
- Securely logged in
Once you’ve enrolled in Duo Security the first time, you will be ready to access a system quickly: You’ll login as usual with your username and password credentials, and then use your device to verify that it’s you. The Duo Mobile app is the easiest and most flexible way to sign in to your GHC accounts and is available for download from the App Store (IOS) or Google Play (Android). Even if your smartphone or tablet doesn’t have access to Wi-Fi or cellular data, you can still use the Duo Mobile app to generate a passcode in order to access your accounts. Duo Security also allows the use of multiple devices to your account, so you can use Duo Mobile on your phone and a WebAuthn security key as a backup device, for example.
Yes. All user accounts will be configured with Multi-Factor Authentication (MFA) in order to protect information systems owned or operated by Georgia Highlands College. This is a requirement for all institutions within the University System of Georgia (USG).
Essentially, MFA requires two or more forms of authorization when you login to a college system online. When you attempt to access a system protected by MFA, you will enter your password as usual and be prompted for secondary form of authorization such as a notification on your personal phone, a text message to your personal phone, a phone call to your personal phone, a phone call to a desk phone, or through a code or button press on a hardware device. Once this is complete, you will be granted access to the system and will not have to re-enter either form of authorization while you using that system.
No, you may use an iPad, Android Tablet, or Duo Authenticator token to verify your identity.
We strongly suggest that you try the ‘Duo Push Notification’ option first. Based on feedback we received during pilot testing, users reported that this option was by far the least intrusive and easiest way to sign-in. The push notification typically appears instantly and the authentication process completes less than two or three seconds after pressing the “Accept” button.
Duo Mobile is a free download. It requires permission for push notifications and to use the camera (since taking a picture of a QR code is part of setup process). It uses very little data. According to Duo’s online documentation, receiving 500 push notifications in a month would use one megabyte (MB) of data. More information is available at Duo’s Knowledge Base.
The Duo Mobile app can be used to generate single-use login passcodes if you do not have cellular service or Wi-Fi connectivity.
All systems that can be accessed with your GHC Single Sign-On (SSO) account require MFA. This includes campus computers, Banner, email, D2L, and related systems.
If your primary and secondary methods of MFA are not functioning properly, you can call or drop by an available IT office for a bypass code. We strongly recommend setting up a backup authentication method in Duo in case your phone stops working.
Enrolling your account in Duo utilizes your phone’s camera to finalize registration of your device with Duo. During setup, you may be prompted to allow access to your camera for this process. After your Duo enrollment is complete, you can disable access to the camera.
Duo will prompt you with one or more security warnings if the device you’re using has out-of-date web browsers or your operating system is out-of-date. GHC IT always recommends that you keep your devices up to date in order to ensure they are protected with the latest security updates. If you encounter a Duo security warning on a GHC classroom or employee-use computer, please contact our help desk so that we can resolve the issue.
If you regularly visit a classroom or office with connectivity issues, wifi issues, or poor cellular reception, please contact IT. If there is consistently poor phone reception in your office or classroom, you can still sign-in using the six digit passcodes generated in the Duo mobile app.
If you are unable to install the Duo Mobile app on your phone, you can choose to receive texts or use a Duo Authenticator token available for check-out in our library.
You can use a WebAuthn device with most GHC websites. Please note that third-party hardware tokens offer limited compatibility with some devices and applications.
You can do a few things to prepare in case your device is lost, stolen, or if you’ve simply forgotten to bring it somewhere. You may set up multiple devices or phone numbers to work with Duo.
When you replace a device or phone, if your phone number remains the same, you can choose to receive an SMS message instead of an app notification until you re-setup a preferred method of notification (Instructions).
If your phone number changes after losing a device and a secondary phone or device option is not available, contact the IT Help Desk for assistance accessing your account and getting a link to re-enroll in Duo.
There are several factors to be noted when traveling. As long as you have cellular service or Internet access, you can authenticate as you always do. Otherwise, there are a few alternatives:
- If you have no Internet connectivity, you can use the Duo Mobile app to generate a passcode.
- You can use a Duo Authenticator token.
Duo only tracks sign-in and device information (if applicable) related to your GHC login activity. This may include your device’s operating system version and security configuration, browser version, and your IP address.
In addition, the Duo mobile app reports the model of the device on which the app is installed or the phone number if a mobile number is registered. No other information about the device or user is tracked or exchanged.