UL2FCTR/DUO

Owned by Chris Weaver
Last updated: Feb 23, 2023 by Sara Northerner
3 min read

 

WHAT IS TWO-FACTOR AUTHENTICATION?

Two-factor authentication adds a second layer of security to your online accounts by requiring a second piece of information before you can log-in to a site. Verifying your identity using a second factor (a verification code created for you and sent to/by another device) improves privacy and security.

WHY DO I NEED UL2FCTR?

Through Duo's two-factor authentication, UofL's Information Technology can provide better protection for your personal information and increase the security of campus data assets. The second factor of authentication is separate and independent from your UofL userID and password. The two-step confirmation process insures that you are the one accessing your account.

Beginning October 25, 2018, all employees using UofL Financials online systems must use UL2FCTR to sign-in. This second level of security is already required for employees to access all PeopleSoft HR-related systems (since 4/23/18) on ULink, such as reviewing paychecks, making annual open enrollment elections, etc.

Beginning July 19, 2022, ITS will add Conditional Access to Virtual Private Network (VPN) sign-on. If your sign-on location or digital device registers as unfamiliar to the system when accessing the VPN you might be asked to use UL2FCTR(Duo) to verify your identity. You will not need to make any changes to your settings or Global Protect software.

If you have issues, contact our IT HelpDesk.

HOW IT WORKS

You will need your UofL userID and password to begin on a desktop or personal computer plus an additional device that only you have, such as a smartphone or tablet. UL2FCTR / Duo uses that second device to deliver the second factor. Specifically, it generates a second, temporary password and sends it to you, typically by text or via an application so that you can verify the access. Downloading the Duo application to a smart device for this process is preferred but optional. You will want to choose more than one option of how to sign-in with Duo. With mobile phones, in order to prevent unnecessary Duo accounts lockouts and other mobile text service problems, IT highly recommends that employees download the Duo app onto your mobile device and use 'push' notifications. UofL is not liable for costs associated with the use of a device including data, overages or roaming charges.

Why am I being prompted to update my security key when I authenticate with Duo?

If you are logging into Duo with a U2F security key that has not been enrolled as a WebAuthn device, you will see a message in the Duo Prompt asking you to update your security key.
This message will appear only for end-users whose Duo administrators have selected WebAuthn as an allowed authentication method in their Policy & Control settings. This message will also appear only in browsers that support WebAuthn.
Once your security key has been updated, your Duo authentication experience will remain the same as it is today. However, you will be able to use your security key in more browsers. Updating takes a couple of seconds.
Enrolling a security key as both a U2F and a WebAuthn device will also enable the security key to work with the Duo Universal Prompt once it is released.
You have the option to skip the security key dual-enrollment step, but will be asked the next time you authenticate.

VPN and Duo Issues - Troubleshooting Guide

Related: Why do Security Keys and Touch ID only work in certain browsers?