Administration

Faculty and staff required to enroll in two-factor authentication (2FA)

As of this spring, 2FA will become mandatory for logging in to WebAccess

Beginning this spring, all Penn State faculty and staff members will be required to use two-factor authentication (2FA) to log in to WebAccess, the University’s authentication system. Credit: Penn State. Creative Commons

This article, part of Penn State's ongoing Secure Penn State series, provides information about Penn State’s two-factor authentication (2FA) service and upcoming changes for faculty and staff.

Beginning this spring, all Penn State faculty and staff members will be required to use two-factor authentication (2FA) to log in to WebAccess, the University’s authentication system that protects such systems as WebMail, ANGEL (and Canvas), the Employee Self-Service Information Center (ESSIC) and more.

If you are a Penn State faculty or staff member, you will need to enroll in the 2FA service (if you haven’t already) by your area’s assigned enrollment date to ensure a seamless transition and avoid disruptions logging into online systems and services. 

If you are not enrolled in 2FA by your area's assigned enrollment date, you will not be able to access the more than 2,300 WebAccess-protected sites and systems until you complete the enrollment process. Keep in mind that it is also important to enroll more than one device (such as a smartphone and desk phone) in 2FA to avoid difficulties authenticating if you lose or don’t have your only enrolled device with you.

Penn State students and retirees are not required to use 2FA. Research partners from other institutions (who access Penn State systems using Friends of Penn State accounts or their own university credentials) are also not required to use 2FA. However, some individuals in these groups (who work for the University or who have access to secure systems) may be required to enroll.

The 2FA process — which offers a second layer of security —  is similar to how you protect your bank account with a pin number (something you know) and debit card (something you have) when you withdraw money from an ATM.

After you have enrolled in 2FA, you will continue to log in to WebAccess with your Penn State user ID (i.e., xyz5000) and password (something you know). As part of the 2FA process, you will also need to confirm your identity using a device such as a mobile phone, tablet or desk phone (something you have).

Because 2FA uses two methods of authentication to verify your identity, it offers more than one layer of protection against the sophisticated tactics of cyber criminals and, therefore, makes Penn State information and your online identity less vulnerable to theft.

According to the 2015 Verizon Data Breach Investigations Report, 95 percent of breaches involve the exploitation of stolen credentials, many of which can be traced back to passwords stolen from company employees.

To guard against this type of theft, more than 20,000 Penn State students, faculty, and staff are already using 2FA to further safeguard personal and University information, intellectual property, research, and data. Penn State is not alone in adopting 2FA. Amazon, Google+, Facebook, Twitter, and many other companies now offer 2FA to their customers, while students, faculty, and staff at such Big Ten universities as Michigan State University, University of Nebraska-Lincoln, and University of Minnesota are also using the method. In addition, President Obama recently endorsed 2FA as part of a national cybersecurity action plan.

How to get help

If you need assistance related to 2FA, contact the IT Service Desk at 2FAsupport@psu.edu. For instructions, enrollment tips and answers to commonly asked questions, visit Get2FA.psu.edu.

This article was updated on March 10, to clarify enrollment deadlines. 

Last Updated March 10, 2016