Two-factor authentication is a method of securing access to online resources (e.g. web applications, VPN, servers, etc.) using two independent authentication steps (factors):
- 1st Factor – What the user knows (NetId/Password).
- 2nd Factor – What the user has (such as your phone, with a security authentication code).
If the first factor (NetID/password) is compromised, the attacker would still need to get physical access to the second factor in order to get access to the targeted online resource.
At Rutgers, two-factor authentication will be called NetID+ and will use a combination of your Rutgers credentials (NetID/password) plus a Duo Security authentication passcode.
How Does NetID+ Authentication Work?
After you enroll in NetID+, whenever you access a web application protected by the University's central authentication service (CAS), you will complete the first authentication step by entering your Rutgers NetID and password on the CAS login page. You will then be prompted to complete the second step using any of the available Duo Security authentication methods.
Available Duo Security 2nd Factor authentication methods:
- Adding second layer of protection to your digital identity.
- Further protects sensitive data you access, even in the event that a NetID/password has been compromised.
- Helps mitigate phishing attacks by preventing access to sensitive information.
- Meets new industry security regulations and compliance.
- Conveniently functions on- and off-campus.
- Enterprise License is centrally funded.
“Over 95% of attacks involve harvesting credentials from customer devices, then logging into web applications with them.” — Verizon 2015 Data Breach Investigations Report
- All Active Rutgers University Employees (Faculty, Staff, Student Workers).
- Active Guests (Visiting scholars, Contractors, etc.).
For your security, users are strongly encouraged to enroll in NetID+ two-factor authentication, which will protect their NetID account when accessing any web application protected by the University’s central authentication services (CAS). Users will be able to enroll in NetID+ using the NetID Management application.
Note: It is best to enroll more than one device (such as a smartphone, tablet, etc.) to avoid difficulties authenticating with NetID+ if your primary device is not available.
Smartphone authentication methods via Duo Push and Duo Mobile passcodes are recommended; use of other second-factor authentication methods is not as cost-effective.
- Smartphone enrollment (recommended as primary device)
- Tablet enrollment
- Landline enrollment
- Hard Token enrollment
- Supported Mobile Devices
- Add a new Device
- DUO Mobile Push notification login – via a smartphone or tablet. (recommended as primary method)
- DUO passcode login – via a smartphone or tablet.
- Landline or non-smart phone login
- SMS (text message) passcode login
- Hardware Token passcode login
- Bypass code login
International Traveler Information:
You can use NetID+ while traveling abroad. All available authentication methods should work. When cellular service or internet access is not available, the mobile push notification will not be available on your device. In this case, you can still use the Duo Mobile passcodes or a hard token if you have one.
You can also request 10 one-time-use passcodes to be sent by text message before you travel. See the instructions for obtaining passcodes via SMS.
You can also request a bypass code from the Help Desk. See the instructions for obtaining the bypass code before you travel.
The initial use of NetID+ will focus on protecting web applications that sit behind the University’s central authentication services (CAS). CAS-protected web applications that are classified as data sensitive or that already require multi-factor authentication will be targeted to require users to authenticate with NetID+.
Implementation Road Map:
April 2016 – July 2016:
- Pilot Users: Select OIT members participated in the 2-FA enrollment and used it with the IdM SSO Central Authentication System (CAS).
August 2016:
- DUO Training for Cornerstone Users: Prepare and start training for the ERP (Financial and Procurement) users.
- DUO Training for Person Registry: Start training for Person Registry administrators.
- Pilot Users: Expand pilot users beyond OIT.
August – October 2016:
- NetID+: Available to all university employees and guests.
- Cornerstone: Communicate to Cornerstone users.
October 2016 – December 2016:
- NetID+: Additional user enrollment.
- Person Registry: Complete enrollment for all users of Person Registry.
- NetID+: Marketing for additional user enrollment.
- Non-web services: Expand Duo Security protection to non-web services (LDAP, RADIUS, VPN, etc.).