2-factor authentication (2FA), also known as multi-factor authentication, is an extra layer of security you can add to the login process to secure your accounts beyond just a username and password. 2FA takes something you know (e.g., password, pin number), something you have (e.g., cellphone, token) or something you are (e.g., fingerprint, facial recognition) and requires two of them to log in. Here at FSU, we use Duo 2FA for our applications, but there are other versions of 2FA you can enable for your personal accounts. Other common places where you may encounter 2FA are bank accounts and some social media profiles.
Types
Knowledge
(Something You Know)
Knowledge is the basic level of authentication we all know. This is either a password or identification number that grants you access to your account.
Possession
(Something You Have)
Possession is adding a level of security that involves something you physically own, such as a mobile device, tablet or special token. This is how Duo Mobile works. Your login is connected to a specific device that will send a push notification for you to confirm you are logging in. Some applications require you to enter an on-screen code or key to verify the push.
Inherence
(Something You Are)
Inherence is physically who you are, also known as biometrics. This could be a fingerprint or face scan through your device that grants you access.
Warning Signs
Unrequested Notification
If you get a request from Duo or any other 2FA application and are not trying to log in, do not accept the request. 2FA is here to protect your account. If you accept requests you did not ask for, you could be letting in a hacker.
Tips
If you are not actively logging in, do not accept a push notification
Do not use “remember me” functions on shared devices
Enable 2FA on all accounts where it is available
If your 2FA is device dependent, make sure you have a backup authentication method in case you lose your device
Enable Duo Restore on your device to automatically back up your account to a new device