In response to ever increasing information security threats, on July 24, 2017 ITS will enable two-factor authentication for logging into certain systems, such as Banner. Two-factor authentication adds another layer of security when logging in to MSU systems. The first factor required to login is something you know, i.e. your NetID/NetPassword. The second factor is something you have, typically your smartphone or tablet. Therefore, even if a hacker is able to get your NetID/NetPassword, he should not be able to login to your account because he does not have your second factor.
How does two-factor authentication work?
MSU uses a two-factor authentication product called Duo. When you enroll in 2FA, you will download and install the free Duo mobile app on your smartphone or tablet. During the enrollment process, you will register your smartphone or tablet as your second factor device, which associates it with your NetID/NetPassword. Once you have enrolled in 2FA, when you login to an MSU system such as Banner, you will enter your NetID and NetPassword as always, and then you will provide your second factor, typically by tapping a “confirm” or “approve” button on the Duo app of your registered mobile device.
How do I enroll in two-factor authentication?
Duo two-factor authentication is most often used in conjunction with your smart phone or tablet. If you do not have a smart phone or tablet, you will need to contact the ITS Helpdesk. Otherwise, follow the steps below to enroll in two-factor authentication and register your mobile device. You should complete the following steps on a computer with your mobile device available.
- Point your web browser to http://duo.msstate.edu
- Enter your NetID and NetPassword and click “LOGIN”
- Click “Proceed”
- Click “Yes” to confirm
- Click “Add/Manage Device”
- Click “Start Setup”
- Select the type of device, mobile phone or tablet, that you are adding and click “Continue”
- If you are using your smartphone, enter your phone number and verify that it is correct by checking the box and click “Continue”. If you are using a tablet, you will not be prompted to enter a phone number.
- Select the type of phone or tablet and click “Continue”
- Install the Duo mobile app on your smart phone or tablet, and then click “I have Duo Mobile”
- Launch the Duo mobile app, tap the “+” button, and scan the barcode. (After a successful scan a green checkmark will appear)
- Click “Continue” and then click “Close”
- Congratulations! You have successfully enrolled in two-factor authentication and registered your mobile device.
- Click “Exit” to leave Duo enrollment
Now that you have enrolled in two-factor authentication, when you login to an MSU system such as Banner, you will enter your NetID and NetPassword as usual, and then a Duo screen will appear. The screen has two options “Send Me a Push” and “Enter a Passcode”. Normally you will click “Send Me a Push”. The passcode option is explained below. After selecting “Send Me a Push”, the Duo mobile app on your registered device will prompt you to approve or deny this login attempt. If this is a legitimate login using your NetID/NetPassword, you should approve; otherwise deny.
Note that not all MSU systems are currently protected by two-factor authentication, but all centrally supported systems that use CAS (Central Authentication System) are. Other systems will be added as appropriate.
What is the purpose of a two-factor passcode?
Consider the scenario where you have enrolled in two-factor authentication and registered your smartphone as your second factor device. You come to the office ready to go to work, but then you realize you left your smartphone at home. In that scenario, you can generate a passcode that you can use for up to 24 hours in lieu of your second factor device. A passcode can also come in handy when you buy a new smartphone to replace your old one. Since your old phone is no longer operational, you will need a passcode so that you can login to duo.msstate.edu to add your new mobile device and remove your old device.
How do I generate a two-factor passcode?
- Point your web browser to http://2fa.msstate.edu
- Click “Generate a Two-Factor Authentication Passcode” under Two-Factor Maintenance
- Enter your NetID/NetPassword and click “Login”
- Enter your Birth Date and MSU ID Number or Social Security Number and click “Submit”
- Enter the answer to your security question and click “Submit”
- Your passcode will be displayed
How do I login using a two-factor passcode?
When you login to an MSU system such as Banner, you will enter your NetID and NetPassword as usual, and then a Duo screen will appear. The screen has two options “Send Me a Push” and “Enter a Passcode”. Instead of clicking “Send Me A Push” as you normally would do, click “Enter a Passcode”. Then enter the passcode that you generated earlier and click “Log In”. You should now be logged in.