Two-Factor Authentication (2FA) Overview

This article provides an overview of the two-factor authentication (2FA) security service that is required for faculty, students, staff, and temporary account holders.

What is two-factor authentication?

Two-factor authentication is a security measure designed to ensure that you, and only you, are using your CNetID (username) and password to access UChicago services, systems, and resources. Authentication simply means that you have to prove that you are who you claim to be when accessing an online resource by providing something you know (your CNetID and password) along with something that you have (a preregistered device, such as your phone or tablet where, by using a code or an electronic push, you can prove that you are in possession of that device).

Tip: You should enable two-factor authentication on non-UChicago systems like online banking, an external email account, or even social media accounts, if offered. This adds a second layer of protection to your personal data while using various online services.

Two-factor authentication (2FA) enhances the security of your CNetID by using your phone, tablet, or other device, to verify your identity when you attempt to access University applications. This prevents anyone but you from using your account to log in to online resources that are set up to use single sign-on (SSO), even if they know your CNetID password.

How does it work?

If you are enrolled in 2FA, when you attempt to access a single sign-on protected University application:

1. You will be prompted to enter your CNetID and password (the first factor).
2. You will then be taken to the Duo verification screen where you will select the device of your choice and the preferred method of verification: a push notification, a passcode, or a phone call (the second factor).
3. Finally, you will follow the instructions sent to your device to provide the second identity verification factor.

What devices can I use?

2FA lets you link multiple devices to your account. You are encouraged to enroll at least two devices with 2FA to avoid difficulties authenticating if your only enrolled device is unavailable. The most commonly-used device is your smartphone. There are instructions available on how to register your smartphone. You may also register a tablet or a landline. Using the Duo mobile app on your smartphone or tablet for either push notification or passcode verification is the preferred method of authenticating. Each kind of authentication incurs a cost to the University. While push notification and entering a passcode is inexpensive, phone calls can be quite costly.

Why do I need this?

Passwords are becoming increasingly easy to compromise. They can be stolen, guessed, and hacked, and new technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable. You might not know who else has your password and is accessing your accounts.

Two-factor authentication adds a second layer of security to your account to make sure that your account stays safe, even if someone else knows your password. This second factor of authentication is separate and independent from the CNetID and password step. 2FA never uses or even sees your password.

Where can I learn more about 2FA?

View the Two-Factor Authentication (2FA) FAQ to learn more about 2FA.