Introduction to Multi-Factor Authentication at Mines

 

What is Multi-Factor Authentication?

Multi-factor Authentication (MFA), or two-factor authentication, requires a one-time code provided by a physical device in addition to a password when logging into an account. Without both factors – the code and the password – you cannot login. Rendering a stolen password useless.

 

 

How does the Mines multi-factor authentication system work?

Mines has selected Duo Security to provide multi-factor technology to Mines. The Duo solution is flexible and secure while at the same time providing a simple and straightforward user experience. Using Duo to login to an account involves three steps.

  1. Enter your username and password as usual.
  2. Enter the one-time code from your Duo device or application
  3. After verification, access your account as usual.

 

How do device challenges work?

Users may configure one or more mechanisms to prove that they have the device associated with their account. Once configured any one mechanism is sufficient to authorize a login.

  • Duo Push – An application installed on your mobile device will pop-up a message immediately after you have entered your password. The login process will stall until you press the OK button on the pop-up. Once you have pressed OK the login process completes automatically. You can learn how to download the mobile app by clicking https://helpcenter.mines.edu/TDClient/1946/Portal/KB/ArticleDet?ID=128779
  • Free Hardware Token – Users who do not want to use their mobile device can request a free hardware token from the Mines Service Center. The free hardware token is about the size of a USB memory stick and displays the one-time only, 6-digit code. You can request a free hardware token on this page: https://helpcenter.mines.edu/TDClient/1946/Portal/Requests/TicketRequests/NewForm?ID=oCUrx1a6qD0_.
  • Universal 2-Factor (U2F) – Universal 2-Factor devices are an emerging standard for multi-factor authentication. U2F tokens are USB devices similar in size to the hardware token. However, unlike the hardware token, the U2F token talks directly to the authentication process. Rather than typing the challenge response into the application pressing a button on the U2F token transfers the response to the application.

Who can use the Multi-Factor Service?

Everyone is encouraged to use MFA. Starting in Spring 2021, some applications such as Canvas, Ex Libris, and remote access will require validation. Starting May 18, 2021, multi-factor authentication is required for all active Mines’ students, staff, and faculty.

Why should I use the multi-factor service?

Password abuse is responsible for the vast majority of information security breaches in the world today. Criminals have a dizzying array of tools at their disposal, all geared toward obtaining passwords by either technical attacks or social engineering. Because MFA requires both your password and a second device in your possession (like a phone or hardware token), if a criminal does discover your password, they are still unable to access an application protected by multi-factor authentication.