Skip to Content

University Technology Services


Multifactor Authentication

As cybersecurity tools become more sophisticated, hackers shift toward targeting users, not computers. If a hacker can discover an authorized user’s password, they’re far less likely to sound any alarms as they access the university’s data and resources.

Welcome to the future of authentication.

Computing has changed drastically in the past 30 years. We share and consume more data today than at any previous point in history. There are also more people attempting to make a living by stealing that data.  It is time the ways we authenticate begin to catch up with modern needs. Multifactor authentication is a key piece to that puzzle.

What is multifactor authentication?

Multifactor authentication (MFA), sometimes referred to as two-step or two-factor authentication, is an overly technical-sounding term for a very simple solution. Think of it as “password plus.” It operates on the assumption that just because someone knows your password, that doesn’t necessarily mean they are who they claim to be. It is an easy way to make sure that the only one using your credentials is you.

How does it work?

The first common layer of security we are all familiar with is a password. We all deal with passwords each day. But, what happens if someone steals or discovers your password? Anyone could access your accounts! That's where MFA comes in. Without MFA, anyone who knows (or cracks) your password can gain access to your account. If MFA has been enabled to protect an account, a password alone will not grant access.

Using MFA is similar to using your debit card at an ATM to get cash. To get cash, you must have your debit card and know your PIN. Similarly, MFA combines something you know (your password) with something you have (your phone, a token, a key fob, etc.).

Why do I need to use multifactor authentication?

Enabling an MFA service adds an additional layer of protection to your accounts and the data you access through them.  Think of MFA as a new deadbolt lock for your accounts. Because MFA requires something only you have, if your password gets stolen, it will be much more difficult for someone to access your account and subsequently compromise university data.

Effective July 1, 2016, the State of South Carolina will require MFA to remotely access systems on the USC network. MFA must be added on a system-by-system basis, beginning with the VPN. You can expect to see it on other university applications –such as Banner, BlackBoard, and PeopleSoft–over time.

Who can use multifactor authentication?

The university's implementation of DUO Security as an MFA solution is licensed to include all faculty, staff, university affiliates, and students, with the capacity for discretionary additions on a case-by-case basis.

If you believe a service should be protected by MFA through DUO Security, speak with your local IT representative.

How do I get started?

To prepare for this new requirement, employees and students need to complete the enrollment process. For an overview of the set up process, click here

Supported two-factor authentication methods include:

-       DUO Security app for mobile devices with one-tap authentication (can be downloaded for free from your App Store),
-       SMS passcodes (a text sent to your mobile phone),
-       receiving a phone call to your desk or mobile phone to verify identity,
-       hardware tokens, (sold at the University Bookstore for $20 each),
-       and one-time bypass codes (retrievable from https://my.sc.edu/multifactor/)

Training and Documentation

Users may find the following documents helpful.
     Developer's Product Overview (pdf)
     One Stop User's Brochure (pdf)
     FAQ (pdf)
     Self-Enrollment (pdf)
     Awareness Poster/flyer
     Documentation (login required)

Solution

List Thumbnail

Duo Security

Duo Security is a multifactor authentication service that provides additional security for access to institutional and personal data. Duo offers several options for authenticating users: a mobile push notification, one-button verification of identity to a smartphone, as well as voice and SMS verification.  Ask your local systems administrator or SA contact if Duo Security is right for you.

Quick Links