Two-Factor Authentication at UF

UF's two factor authentication (2FA) logo
UF's Two Factor Authentication (2FA) logo

The University is starting to roll-out a new authentication mechanism called two-factor authentication, or 2FA.  2FA requires you to use two different authentication methods when logging in: something you know (your GatorLink password) and something you have (i.e. a code provided by text msg to your cell phone).  You may already be familiar with 2FA because it is used by many banks and other secure Internet services (Facebook, Google, and Twitter even have options for two-factor authentication). As you may guess, using 2FA with GatorLink accounts will help protect the University environment from phishing and other cyberattacks because having just a password will no longer be enough to login.

At this point 2FA is an opt-in service.  However, as the University moves forward there will be various audiences that will be required to enroll (i.e. people in positions of trust that routinely work with personally identifiable information (PII)).  Messaging about 2FA has already started hitting various UF channels (a couple articles are linked below).  Opt-In enrollment for all faculty, staff, and affiliates will be officially announced in April 5th’s “UF at Work” newsletter.

http://news.hr.ufl.edu/2018/02/two-factor-authentication-option-available-uf-faculty-staff-beginning-april/
https://news.it.ufl.edu/security/uf-two-factor-authentication-service-coming-in-april/ (link stopped working Oct 2022)

UF’s 2FA website can be found at https://it.ufl.edu/2fa. There you can find everything you need to know: instructions, faqs, opt-in enrollment, timeline, etc. Most IT workers are already enrolled in UF’s 2FA and familiar with the service.  Please reach out to your local IT support if you have any questions.  Some common questions are included below; but, for more complete information see the two-factor website.

Q: What services require 2FA login?
A: UFIT has currently implemented 2FA on any services that use the UF Login page and the VPN.  Services that don’t use the UF login page (the UF Exchange Outlook Web Access client or your desktop computer for instance) do not require 2FA.

Q: My bank allows me to remember my browser as a ‘personal’ device and only requires 2FA every 30 days.  Is this an option for UF’s 2FA?
A: No.  UF’s 2FA will not allow you to remember a device.  It does, however, remember a browser session for the day.  As long as you use the same browser session you will not need to 2FA again during the day.

Q: Are there any other plans for 2FA?
A: There are long term plans to extend 2FA to more services as well as review password changing policies for people enrolled in 2FA. So the service is already looking for possible improvements in the future.

Q: I travel to foreign countries a lot, how will I 2FA if I don’t have cell service to receive the push notification?
A: If you do a lot of foreign travel it is recommended that you get a one-time password token generator. Tokens are available to select faculty and staff from the UFIT Helpdesk at the Hub.