Many students are familiar with the routine of logging into Shibboleth using Duo, and into their university emails using Google 2-Step. Although two-factor authentication is currently required only for NC State employees, the Office of Information Technology (OIT) expects it to be required for all NC State students soon, protecting both students’ and NC State’s accounts.
Darren Fallis, an information security analyst, and Sarah Ward, a security incident response analyst*, addressed common student and faculty dilemmas surrounding two-factor authentication and described the likelihood of this requirement being extended to include all NC State students.
“Duo is a two-factor authentication system that the university has chosen to help secure our accounts,” Fallis said. “As opposed to merely requiring a password on a single factor authentication, Duo asks you to provide a second factor, in this case, something you have versus something you know, to help prevent attackers from abusing our accounts.”
Fallis said that two-factor authentication is required for all employees due to their access to more sensitive data and systems compared to the vast majority of students.
“Initially we required it for Payment Card Industry, so anything having to do with credit card systems,” Fallis said. “It was expanded to include all employees on November 1, 2017, and that meant any employee, including student employees.”
In hopes of increasing cybersecurity, Fallis said that he expects two-factor authentication to be a requirement for all students in the future.
“The only time that students who aren’t workers will be required to enroll in two-factor authentication is if their account was administratively disabled by their security person or by Google themselves,” Ward said. “We do try to add extra protective measures when a student’s account either has some strange activity or we see phishing or spam being sent through their email. We take that as an opportunity to reset the password as well as enroll in two-factor.”
Ward said that in the event a faculty member forgets their device and is unable to log into Shibboleth, they can call the help desk to get a backup code.
“There tends to be more of a learning curve when it comes to older faculty and staff as opposed to student workers or students who have to enroll when they get an account disabled,” Ward said. “Not that the staff doesn’t see an importance for it but there’s definitely more of a learning curve and more instructions that they might need to understand how to use it correctly.”
Fallis said that after the Google Service Team changed the maximum session time to 14 days, the Duo “remember me” option on Google** for two-factor authentication on NC State accounts was changed from 30 to 14 days to match. Ward said that some students noticed the lack of a “remember me” button, clarifying that even though the button is gone, the feature still applies up to the 14-day maximum (unless a student logs out or clears cookies).
Both Fallis and Ward said that students should strongly consider having a backup device, such as a Universal 2nd Factor (U2F) USB security key, in case their primary device is lost, stolen, broken, etc. Ward said that students studying abroad often have issues logging into their accounts when they change their SIM card and only have two-factor authentication set up with text messaging.
“Having a backup device is very important,” Fallis said. “You put [a U2F key] on your keychain. Usually have your phone, or your keys, or both with you at all times.”
Fallis said that thousands of students have enrolled in two-factor authentication even though they are not yet required to.
“The more students that hear about two-factor as an option, the better they can protect their information, not just at the university but personally as well,” Ward said.
For more information on two-factor authentication for NC State accounts, students can visit the Office of Information Technology website, call the NC State Help Desk at 919-515-HELP or email the Help Desk. To learn more about two-factor authentication for personal accounts, students can visit twofactorauth.org.
*Editor’s Note: Sarah Ward’s job title has been updated for accuracy.
**Editor’s Note: Words were added to this sentence to clarify that only the “remember me” option on Google was changed.