Introduction to Multi-Factor Authentication at Mines

Multi-factor authentication is a new service for all Mines employees.

What is multi-factor authentication?

Multi-factor authentication (MFA), sometimes called two-factor authentication, requires the use of a physical device in addition to a password when logging in to an account. Without both factors – the device and the password – you cannot log in. This makes a stolen password alone effectively worthless.

How does the Mines multi-factor authentication system work?

Mines has selected Duo Security to provide its multi-factor technology. The Duo solution is flexible and secure while at the same time providing a simple and straightforward user experience. Using Duo to log in to an account involves three steps.

  1. Enter your username and password as usual.
  2. You will be sent a challenge that requires you to prove you have the device associated with your account.
  3. After verifying your identity, you will have access to your account the same as always.

How do device challenges work?

Users may configure one or more mechanisms to prove that they have the device associated with their account. Once configured, any one mechanism is sufficient to authorize a login.

  • Duo Push – An application installed on your mobile device will pop up a message immediately after you have entered your password. The login process will stall until you press the OK button on the pop-up. Once you have pressed OK, the login process completes automatically.
  • Hardware Token – Users who don’t have a mobile device can receive a small hardware token, about the size of a USB memory stick, that displays a random number. After you have entered your password, the webpage or application you are logging in to prompts you for the number currently displayed on your token.
  • Universal 2nd Factor (U2F) – Universal 2nd Factor devices are an emerging standard for multi-factor authentication. U2F tokens are USB devices similar in size to the hardware token. However, unlike the hardware token, the U2F token talks directly to the authentication process. Rather than typing the challenge response into the application, you press a button on the U2F token, which transfers the response to the application.

Who can use the Multi-Factor Service?

Our multi-factor authentication service is available to all employees. While there is no institutional policy requiring the use of MFA, supervisors may require participation by their employees. Supervisors who would like student employees to use MFA should contact ITS’s security team via the Mines Help Center at https://helpcenter.mines.edu.

Why should I use the multi-factor service?

Password abuse is responsible for the vast majority of information security breaches in the world today. Criminals have a dizzying array of tools at their disposal, all geared toward obtaining passwords by either technical attacks or social engineering. Because MFA requires both your password and a second device in your possession (like a phone or hardware token), a criminal who does discover your password is still unable to access an application protected by multi-factor authentication.