Server Two Factor Authentication
Introduction
2-factor authentication is a common security control that adds security to user accounts by requiring a secondary device to authenticate the user’s identity. This prevents any attempts to illegitimately login as another user, even with a correct password.
Virginia Tech uses Duo 2-factor authentication as a part of its Single Sign-On service. This enables users to authenticate their login attempts by either providing a code or verifying a “push” notification via the Duo mobile app.
Valid 2-Factor Authentication Methods:
- Phone SMS Text Message
- Phone Voice Call
- Duo D-100
- Passcode from the Duo App or Virginia Tech website
- YubiKey
- Lightweight Directory Access Protocol (LDAP)
Authentication Methods: Duo Push, Duo Mobile Passcodes, Phone Callback, and SMS Passcodes
Methods selected will appear as options to users during the Duo Authentication process. By default, the following methods are allowed: Duo Push, Duo Mobile Passcodes, Phone Callback, and SMS Passcodes.
Using SMS Passcodes and/or Phone Callback to verify via 2-factor authentication is less secure than other methods.
Consider disabling these methods in high security scenarios, but note that it consequently reduces accessibility.
For more information about the default Duo integration settings, please refer to the Duo Integration for Applications knowledge base (KB) article.
Procedures
Requesting a Standard Duo Integration
Virginia Tech offers free 2-factor security for its departments and workgroups. This is ideal for servers that cannot utilize the Virginia Tech Login service.
Standard Duo integrations can only be requested by Active Directory Organizational Unit admins.
- Login to 4Help.
- Go to the Duo Integration KB article.
- Click Request this service.
- Fill out the request form.
By default, the application name is the department short name and the integration type, and the Duo group name is the application name and role of the Duo group. Duo Groups are required for Duo integration requests and limit the integration access to the members of the groups.
Requesting a Duo Consultation
If you need a non-standard Duo integration for your server, you may request a consultation.
- Login to 4Help.
- Go to the Duo Integration Consultation KB article.
- Click Request this service.
- Fill out the request form.