Service Description
An unplanned interruption to your Mines' Multifactor (also called 2-factor) Authentication experience, which can include issues with the Service Provide (DUO) directly or a lost/forgotten device.
Audience
Our multi-factor authentication service applies to all active Mines' employees and students.
Exceptions: valid exceptions, like medical reasons with official evidence, must be communicated through either HR for employees or the Registrar's Office for students. Please reach out to these departments to discuss potential exceptions.
Service Levels
Multi-factor authentication became mandatory for all active Mines' employees and students through Spring 2021. A good number of our main services are MFA protected, with those remaining becoming protected over the coming months.
Requirements
Multi-factor authentication (MFA), sometimes called two-factor authentication, requires the use of a physical device (usually a mobile device or designated FOB hardware token). in addition to a password when logging into an account. Without both factors – the device and the password – you cannot login. This makes a stolen password alone effectively worthless.
Service Charges
This service is provided free of charge. However, standard data rates from your carrier may apply if using your mobile device off campus (not on Wifi).
Requesting the Service
This service is mandatory for all active Mines' employees and students. For those who are MFA unenrolled - which is almost entirely new faculty, staff, or students - who have otherwise claimed their username, the easiest way to become enrolled is to commence logging into an MFA-protected web-service like Canvas, the library, or Global Protect VPN. This will automatically push you into the enrollment workflow from which you will end up being correctly setup after a minute or two. For this you need to have an available device running iOS/iPadOS or Android; or read through the next paragraph to obtain a physical hardware fob device from ITS.
Alternative ways of enrolling yourself into MFA include: using the "Submit Request" button located on this page to create a service request to be processed by ITS (including making a request for a physical hardware fob device); or through visiting the Mines Service Center (MSC) or calling x2345 (303-384-2345) during MSC staffed times. In this case, a Student Consultant will process your application for MFA enrollment.
Documentation
Additional information can be found at the ITS website: https://its.mines.edu/mfa/
HOW DOES MINES’ MULTI-FACTOR AUTHENTICATION SYSTEM WORK?
Mines has selected Duo Security to provide multi-factor technology to Mines. The Duo solution is flexible and secure while at the same time providing a simple and straightforward user experience. Using Duo to login to an account involves three steps.
- Enter your username and password as usual.
- You will be sent a challenge that requires you to prove you have the device associated with your account.
- After verifying your identity, you will have access to your account the same as always.
HOW DO DEVICE CHALLENGES WORK?
Users may configure one or more mechanisms to prove that they have the device associated with their account. Once configured any one mechanism is sufficient to authorize a login.
- Duo Push – An application installed on your mobile device will pop-up a message immediately after you have entered your password. The login process will stall until you press the OK button on the pop-up. Once you have pressed OK the login process completes automatically.
- Hardware Token – Users who don’t have a mobile device can receive a small hardware token about the size of a USB memory stick that displays a random number. After you have entered your password the webpage or application you are logging into prompts you for the number currently displayed on your token.
- Universal 2-Factor (U2F) – Universal 2-Factor devices are an emerging standard for multi-factor authentication. U2F tokens are USB devices similar in size to the hardware token. However, unlike the hardware token, the U2F token talks directly to the authentication process. Rather than typing the challenge response into the application pressing a button on the U2F token transfers the response to the application.