Two-factor authentication by Duo

The Texas A&M University System participates in the InCommon two-factor authentication program with Duo Security which can greatly enhance our security using multi-factor authentication technology. TTI has successfully implemented Duo Security for all TTI services that are publicly accessible and for internal high-risk services.

To enroll in two-factor authentication, please visit https://duo.tti.tamu.edu and follow the instructions. Once you are enrolled, you can return to https://duo.tti.tamu.edu to add or remove additional phone numbers, enroll devices, and test two-factor authentication logins.

Why do we need two-factor authentication?

Passwords are notoriously insecure. Many users choose weak passwords which can be easily guessed or cracked. Phishing attacks trick people daily into revealing their passwords (Texas A&M University System employees have been specifically targeted and have had their payroll direct deposit diverted to an attacker's bank account because they inadvertently disclosed their login credentials). Users on unsecured networks (e.g. at coffee shops) can also have their passwords sniffed, and malicious viruses and spyware can capture passwords and send them over the network to attackers. It’s impossible to tell who has access to your accounts or even if anyone is accessing them illicitly.

The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something thwarts attackers that steal or gain access to passwords.

Why Duo Security rather than another two-factor authentication solution?

Traditional two-factor authentication solutions use hardware tokens (or “fobs”) that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $125 each. It takes time and effort to distribute them, track who has which one, and replace them when they break. They’re easy to lose and hard to use, and users consistently report high levels of frustration with token-based systems.

Duo leverages the mobile phone as the second factor. It’s a device that people already have, know how to use, and notice when it’s missing. Using an existing device reduces deployment and training costs, and improves the end-user experience of the entire system. Duo Security works with all phone types, from landlines to smartphone platforms. In the simplest case, users receive a push notification on their phone and press a button to authenticate. This improves the experience over other mobile phone-based authentication solutions that generate a six-digit one-time password that must be retyped by the user.

What if I do not have a mobile phone?

Duo Security can use USB hardware tokens or traditional one-time password tokens as an alternative to a mobile phone. If you do not have a mobile phone, you may request a hardware token by submitting a catalog order from the TTI User Portal (helpdesk.tti.tamu.edu) under Order Something > Accounts and Identity Management > Duo Two-Factor Hardware Token.