Two-Factor Authentication

Two-factor authentication (2FA), powered by Duo Security, is now available for faculty, staff, special payroll, and student employees. 2FA enhances data security by requiring two forms of identification to gain access to an online resource. On a system that requires 2FA, you first login with your NetID credentials and then verify your identity with a physical device linked to your NetID account. This additional layer of protection prevents anyone but you from accessing your accounts, even if they have obtained your username and password.

2FA will be required to authenticate into Core-CT this spring. This requirement aligns with the State’s initiative and protects financial and personal information that can be vulnerable if an individual’s credentials are compromised.

To effectively support this roll-out, ITS will be making 2FA mandatory in phases determined by affiliation. Below are the date ranges of when 2FA will be required for each population. We will start communicating at the beginning of the window, and then require 2FA by the end date listed.

  • Student Employees: January 25 – February 22
  • Staff and Special Payroll: February 15 – March 22
  • Faculty: March 25 – May 3

You can also choose to enable 2FA for all online services behind NetID Single Sign On.

Getting Started

Step 1: Get prepared.

Have the device you wish to add to the service. Options for a 2FA device include mobile phones, tablets, landlines, or tokens.

Step 2: Log in to the Two-Factor Authentication Management Portal.

Log in with your NetID and NetID password. Through the portal, you can add and manage 2FA devices and decide what services will be protected by 2FA.

Step 3: Click “Here for the first time? Turn on 2FA.”

This will kickoff the process to add your first device and then enable 2FA on services.

Step 4: Turn on 2FA for Core-CT

If you have not added a device to the 2FA service, click Start Setup to enroll it. Once its added, you will be prompted to authenticate with that device via push notification, phone call, or passcode. Then you will go to the Manage Services screen, where you can enable 2FA for Core-CT or all services that use Single Sign On.

Managing the Service

You can make changes at any time to the devices linked to your account on the 2FA Management portal page. ITS recommends adding a backup device so that you have flexibility and additional options if you do not have your default 2FA device with you. You will be prompted to authenticate with your second factor before you can make changes.

If you misplace your 2FA device, contact the ITS Help Center. They can provide you with a temporary bypass code.

Tip: If you want the protection of 2FA but not the constant prompts to authenticate on your second factor, you can check a box on the Duo screen to Remember me for 30 days. As long as you are using the same browser and the same device, you will only receive one prompt every 30 days.