Skip to Content

Division of Information Technology

Multifactor Authentication

As cybersecurity tools become more sophisticated, hackers shift toward targeting users, not computers. If a hacker can discover an authorized user’s password, they’re far less likely to sound any alarms as they access the university’s data and resources.

Welcome to the future of authentication.

Computing has changed drastically in the past 30 years. We share and consume more data today than at any previous point in history. There are also more people attempting to make a living by stealing that data.  It is time the ways we authenticate begin to catch up with modern needs. Multifactor authentication is a key piece to that puzzle.

Multifactor authentication (MFA), sometimes referred to as two-step or two-factor authentication, is an overly technical-sounding term for a very simple solution. Think of it as “password plus.” It operates on the assumption that just because someone knows your password, that doesn’t necessarily mean they are who they claim to be. It is an easy way to make sure that the only one using your credentials is you.

The first common layer of security we are all familiar with is a password. We all deal with passwords each day. But, what happens if someone steals or discovers your password? Anyone could access your accounts! That's where MFA comes in. Without MFA, anyone who knows (or cracks) your password can gain access to your account. If MFA has been enabled to protect an account, a password alone will not grant access.

Using MFA is similar to using your debit card at an ATM to get cash. To get cash, you must have your debit card and know your PIN. Similarly, MFA combines something you know (your password) with something you have (your phone, a token, a key fob, etc.).

Enabling an MFA service adds an additional layer of protection to your accounts and the data you access through them.  Think of MFA as a new deadbolt lock for your accounts. Because MFA requires something only you have, if your password gets stolen, it will be much more difficult for someone to access your account and subsequently compromise university data.

Effective July 1, 2016, the State of South Carolina will require MFA to remotely access systems on the USC network. MFA must be added on a system-by-system basis, beginning with the VPN. You can expect to see it on other university applications –such as Banner, BlackBoard, and PeopleSoft–over time.

The university's implementation of DUO Security as an MFA solution is licensed to include all faculty, staff, university affiliates, and students, with the capacity for discretionary additions on a case-by-case basis.

If you believe a service should be protected by MFA through DUO Security, speak with your local IT representative.

If you are a new student or employee you will need to claim your account at  Once your initial account is setup you will be able to go to select the Update Account Settings option to setup your Duo account.

Supported two-factor authentication methods include:

-       DUO Security app for mobile devices with one-tap authentication (can be downloaded for free from your App Store),
-       SMS passcodes (a text sent to your mobile phone),
-       receiving a phone call to your desk or mobile phone to verify identity,
-       hardware tokens (sold at University Bookstores)

Beginning June 5, 2017, multifactor authentication (MFA), also known as two-step verification, will be required to access the following additional systems.

CAS Authentication:

  • Banner (XE, INB, SSB, Workflow)
  • BDMS
  • BTCM
  • Chemistry Grad
  • CLAW
  • Cognos
  • DegreeWorks
  • ePrint
  • MY.SC.EDU *
  • PhGrad
  • Post Office Management
  • VIP **

Shibboleth Authentication:

  • Filesub
  • First Step/UmPIRe
  • PeopleSoft (Self-Service, Training, and Web)

*Some portions of MY.SC.EDU, outlined below, are excluded from the multifactor authentication requirement.

  • Freshman & Preregistration Checklists
  • Professional School Seat Deposits
  • Enrollment & Fee Payment

 **End-users will now be required to login two times to access VIP resources. 

The first login uses the user's network username and password, and requires completing the two-factor authentication process (as a reminder, your Network Username is the first portion of your email address, which is a combination of letters/numbers prior to the @ symbol).  

The second login allows the user to choose between their VIPID or USCID to authenticate. 

Users may find the following documents helpful.
     Multifactor Authentication for Students [pdf]

     Developer's Product Overview [pdf]
     FAQ [pdf]
     Documentation (login required)


List Thumbnail

Duo Security

Duo Security is a multifactor authentication service that provides additional security for access to institutional and personal data. Duo offers several options for authenticating users: a mobile push notification, one-button verification of identity to a smartphone, as well as voice and SMS verification.  Ask your local systems administrator or SA contact if Duo Security is right for you.

Quick Links

Challenge the conventional. Create the exceptional. No Limits.