Multi-Factor Authentication (MFA) - DUO Issue

Service Description

An unplanned interruption to your Mines' Multifactor (also called 2-factor) Authentication experience, which can include issues with the Service Provide (DUO) directly or a lost/forgotten device.

Audience

Our multi-factor authentication service is available to all employees. While there is no institutional policy requiring the use of MFA, supervisors may require participation by their employees. Supervisors who would like student employees to use MFA should contact ITS’s security team via the Mines Help Center “Helpdesk” using the MFA Request Service.

Service Levels

Multi-factor authentication roll out began June 2018 for selected Mines employees and will continue for other groups in the near future. Watch the Daily Blast for details. Currently, few Mines services are MFA enabled. More will be in months and years to come. At this time, only the ITS staff is testing MFA.

Requirements

Multi-factor authentication (MFA), sometimes called two-factor authentication, requires the use of a physical device (usually a mobile device or designated FOB hardware token). in addition to a password when logging into an account. Without both factors – the device and the password – you cannot login. This makes a stolen password alone effectively worthless.

Service Charges

This service is provided free of charge. However, standard data rates from your carrier may apply if using your mobile device off campus (not on Wifi). 

Requesting the Service

This service is currently opt-in only and needs to be requested. Please fill out a service request using the "Submit Request" button located on this page if you're interested or would like further information.

Support can also be requested by visiting the Technology Support Center (TSC) or calling x2345 or 303-384-2345 during TSC staffed times. In this case, a Student Consultant will take your information.

Documentation

Additional information can be found at the ITS website: https://its.mines.edu/mfa/

 

HOW DOES MINES’ MULTI-FACTOR AUTHENTICATION SYSTEM WORK?

Mines has selected Duo Security to provide multi-factor technology to Mines. The Duo solution is flexible and secure while at the same time providing a simple and straightforward user experience. Using Duo to login to an account involves three steps.

  1. Enter your username and password as usual.
  2. You will be sent a challenge that requires you to prove you have the device associated with your account.
  3. After verifying your identity, you will have access to your account the same as always.

HOW DO DEVICE CHALLENGES WORK?

Users may configure one or more mechanisms to prove that they have the device associated with their account. Once configured any one mechanism is sufficient to authorize a login.

  • Duo Push – An application installed on your mobile device will pop-up a message immediately after you have entered your password. The login process will stall until you press the OK button on the pop-up. Once you have pressed OK the login process completes automatically.
  • Hardware Token – Users who don’t have a mobile device can receive a small hardware token about the size of a USB memory stick that displays a random number. After you have entered your password the webpage or application you are logging into prompts you for the number currently displayed on your token.
  • Universal 2-Factor (U2F) – Universal 2-Factor devices are an emerging standard for multi-factor authentication. U2F tokens are USB devices similar in size to the hardware token. However, unlike the hardware token, the U2F token talks directly to the authentication process. Rather than typing the challenge response into the application pressing a button on the U2F token transfers the response to the application.