2SV: What is 2-Step Verification (2SV)?

Passwords are the main way VIU accounts are protected today. However, passwords alone are no longer enough to secure your important documents and access. Cyber criminals can get into your account if they guess your password correctly. They can also trick you into sharing your password by using a phishing email or finding a stolen password that has leaked on the internet. That's why almost all online services (including social media, banks, shopping, etc.) have added a way for your accounts to be more secure. This includes higher education institutions, which have become prime targets of phishing and ransomware attacks in recent years.

What is 2-Step Verification (2SV)?

2-Step Verification (Also commonly referred to as 2SV, Multi-factor Authentication (MFA) or 2-Factor Authentication) allows you to log in only after successfully presenting two or more pieces of evidence or "steps". These steps are a more secure way of verifying that it's you when you try to log in. For example, a password is one kind of step, it's a thing you know.

The three most common types of steps are: 

  1. Something you know - Such as a password
  2. Something you have - Such as a smart phone or a hardware Token
  3. Something you are (also called biometrics) - Such as a fingerprint or facial recognition (VIU does not currently employ this method.)

Employees at VIU will soon be required to use 2SV for some services. With 2SV, your account will be protected with both your password AND your phone (via a text, phone call, or app), or a Hardware token, provided by VIU, to be used on your computer. This adds an extra layer of security that prevents unauthorized access to your account and helps to ensure that student and employee data is protected.

What VIU services will require 2SV?

  • VIU email (Outlook and Webmail)
  • Microsoft 365
  • IT Client Portal
  • OneDrive
  • Teams
  • Other services will eventually be added to this list

How does it work?

After completing the 2-Step Verification enrollment process and having 2SV activated for your account, you'll be prompted to enter your password AND a verification code when you sign-in to your email account for the first time on a new device. After the initial sign-in, the device will be trusted and will no longer prompt for approval the next time you sign-in.

When will 2SV be required for employees?

The 2SV Voluntary enrolment phase runs until May 22, 2023 for all VIU faculty and staff. After that, 2SV will be mandatory for all employees.

Will 2SV be required for students?

A date has not yet been set to open 2SV up to students.

How do I enable 2SV for my account?

Interested in getting set up with 2SV early? You can get set up now by following the link below.

How do I set up 2SV?

Will I need to set up 2SV for each application?

You do not. One setup will work across all relevant applications/programs. You only need to enroll once.

Will 2SV slow down the performance of my applications?

No, there is no impact on system performance.

How long does the verification last?

Verification lasts for 30 days, at which point you will be prompted to verify again the next time you sign in.

Do I need to verify for every application I use?

Yes. Each applicable app requires it's own verification, and each verification last for 30 days, on it's own timer.

What if I get a verification I did not request?

  • Check your logged in devices (Computers, mobile devices, etc.) for prompts.
    • Remember that each app on each device requires re-authentication every 30 days
    • Apps like email or teams on a mobile device will likely try to authenticate repeatedly
    • Make note of the location that the request is coming from. While not precise, the notification should provide the general area that the request is coming from.
  • If it is not your device(s), Deny the request and Change Your Password immediately
    • You'll only receive a verification request from a program that already has your password. If it doesn't come from your devices, it came from someone else that's already compromised your password. 
    • Note: A common tactic in these situations is to repeatedly send verification requests until you say yes, just to make the notifications stop. This has been observed in security breaches at Uber and other high profile companies.

What is the recommended method of 2SV?

The Microsoft Authenticator mobile app is the recommended method for most users, as it is the most secure. It provides both online and offline code options to log in, which is useful if you are at an offline location (such as out of country). The Microsoft Authenticator app takes up very little space on your phone, and you can use the app without an Internet connection or cellular data.

Can I 'Opt out' of 2SV?

Once you are signed up for 2SV, there is no option to opt out. 2SV will be required to access some applications moving forward, so users of these applications will need to be enrolled. 

How much data does the Microsoft Authenticator app use?

Very little. The Microsoft Authenticator app uses less than 2KB per online authentication.

Can I use a different authenticator app?

While the MS authenticator app is the default, you can use any compatible authenticator app. Please note that there will be limited or no support from the IT Service desk for non-MS apps.

I have more questions. Where can I get assistance?

A few different places!

  • You can find non-IT peer support via Teams. 
  • For issues in signing up or verifying your applications, you can reach out to the IT Service Desk at ithelp@viu.ca
  • You can call the IT Service Desk at 250-740-6300/1-833-902-6301 (Toll Free), Monday to Friday, 8:00 AM - 4:30 PM

Details

Article ID: 2920
Created
Sat 2/12/22 6:42 PM
Modified
Mon 1/30/23 1:39 PM