ITS Blog

Questions About 2FA? We Have Answers!


Students, faculty and staff need to protect their accounts with two-factor authentication (2FA) for Single Sign On (SSO), CAS and Pulse Secure/VPN now to continue to use IT services without interruption. Google 2-Step is also required for Google Workspace and Bmail.


Note: For convenience, CAS and Pulse Secure VPN will use the same Bing OTP authenticator registration.

 

For questions or assistance, contact the Help Desk at 607-777-6420 or helpdesk@binghamton.edu.


Two-factor authentication (2FA) is an additional security measure the Binghamton University campus has adopted to help prevent data breaches, automated attacks, targeted phishing and hacking. To access your account, 2FA requires you to enter, in addition to your username and password, a one-time password (BingOTP) verification code, also called a secret token, which is generated by an app installed on your personal device or by an extension in your browser.


  1. What do I need to do to set up 2FA, and by when?

To enable 2FA, you need to install and run an app on a device you have with you such as a smartphone, tablet or a laptop. ITS would like everyone signed up as soon as possible BEFORE 8/01/21.


  2. What are the best ways to implement 2FA?

While there are multiple ways to implement two-factor authentication, ITS recommends using Google Authenticator, Authenticator Browser Extension or Authy. ITS has found that Google Authenticator is best for phones, the Browser Extension is best for laptops and Authy is best if you want to use both your phone and laptop.


  3. How long does it take to enable 2FA?

It takes barely 5 minutes to enable 2FA using any of the methods mentioned in #2. Using your BingOTP (one-time passcode) takes no time at all; just plan ahead if you’re in a crunch. For example, if you are going to join a Zoom meeting at 12:00 PM, make sure you start logging on at 11:50, just so you’re not feeling rushed.


  4. How long does it usually take for 2FA to work?

Once the BingOTP is entered, depending on your Wi-Fi, it should take less than 5 seconds for 2FA to work. OTP codes expire every 30 seconds. If the code changes from blue to red, it is about to expire: wait a few seconds for a new code (it will be blue) and use the new code before it expires!


  5. What is the safest 2FA application?

It really depends on the user’s preference. However, Authy has been regarded as the most secure way to implement 2FA by The New York Times.


  6. Where can I get the applications to enable 2FA?

Google Authenticator and Authy can be downloaded from both the Google Play Store and the Apple App Store. If you want to enable 2FA through your desktop computer or laptop, you can add a browser extension on your personal laptop. Please visit https://www.binghamton.edu/its/two-fa/index.html for more information.


  7. Is the 2FA for Central Authentication System (CAS) and Pulse Secure VPN the same?

No, 2FA for CAS and Pulse Secure aren’t the same; two separate registrations are required. HOWEVER: Please be aware that beginning on Tuesday, July 13, 2021 both Pulse Secure and CAS will use the same Bing OTP authentication registration.


  8. When do I have to set up 2FA by?

Binghamton University is asking that all individuals use 2FA for services including Brightspace, myBinghamton, BU Brain and others now. The entire campus will be required to use 2FA before the start of the fall semester, so opting in as soon as possible will help keep your access safer.


  9. How effective is 2FA and is it secure?

2FA prevents bulk phishing and targeted attacks; a lot of automated attacks and data breaches can be avoided using 2FA.


No security measure can ever guarantee absolute security, but 2FA can mitigate and help protect you from most attacks. Even if a perpetrator gets hold of your account’s username and password, they cannot access your account without the secret token/passcode, which makes the account comparatively more secure.


  10. Am I being charged for the additional security?

No, 2FA is totally free of cost.


  11. Does the 2FA application consume my personal data/private information?

No, the 2FA applications do not consume any of your personal data or information; however, if you are still doubtful, you can disable the respective 2FA application's access to everything on your device.


  12. Would I be charged on my carrier for additional usage of internet/data?

The initial download of the application might consume some of your data plan if you are not using Wi-Fi. However, once downloaded and linked to your Binghamton University Single Sign-On (SSO) account, the application works without using data or cell phone minutes.


  13. Do the 2FA applications have access to my passcodes?

The 2FA applications technically do not have access to the passcodes, as the passcodes are generated independently using certain Machine Learning and AI algorithms that function independently. The secret tokens are totally unknown to the 2FA apps as they are made with different permutations and combinations in different scenarios. So, the 2FA applications are totally unaware of the passcodes generated.


  14. What is the difference between MFA (multi-factor authentication) & 2FA (2-factor authentication)?

2FA is the combination of something you know (i.e. your passcode) and something you have (i.e. your cell phone, laptop or tablet), while MFA is 2FA plus something that is unique to your physical being. MFA would require an additional attribute, such as a biometric like iris, voice, fingerprint or face recognition, to allow an individual to access the account.


  15. What happens when you lose the device with 2FA or forget it somehow?

Backup codes help you log in when the device is lost or forgotten. While you are setting up 2FA, it will give you a backup code before you proceed. Saving backup codes offline lets you access your account when the device is lost. Backup codes are usually provided by all 2FA utilities and can be used in dire circumstances. It is recommended that the backup codes be written down and stored physically, yet securely.


Having 2FA on all of your devices can prevent the circumstances mentioned above; when a device is lost, it can simply be removed and de-authenticated.


If you think you do not have the backup codes and aren’t registered on any additional devices, the password page can help you with a way to log in.


  16. Can 2FA be enabled on multiple devices?

Yes. 2FA can be enabled on all user devices. Scan the same QR code on all the devices that you’d like to set up 2FA with. Check and compare whether all the security tokens are the same; if they match, you are all set. Having 2FA set up on multiple devices is handy when a device is lost.
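Why devices that scanned the same QR code show matching tokens, and why a code is only good for about 30 seconds, shown as an added example that is not ITS code. It assumes BingOTP follows the standard TOTP scheme (RFC 6238: HMAC-SHA1, 6 digits, 30-second step) used by Google Authenticator; the secret is the RFC's published test key, not a real account secret, and `verify` is a hypothetical server-side check.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code, matching the 30-second expiry described above
DIGITS = 6

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
# In practice this value is what the enrollment QR code carries.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32: str, unix_time: float) -> str:
    """Derive the code from the shared secret and the current 30 s window."""
    s = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(unix_time) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def seconds_left(unix_time: float) -> int:
    """Seconds until the displayed code rolls over to the next one."""
    return STEP - int(unix_time) % STEP

def verify(secret_b32: str, submitted: str, unix_time: float, drift: int = 1) -> bool:
    """Server side: accept the current window plus/minus `drift` windows of clock skew."""
    for d in range(-drift, drift + 1):
        expected = totp(secret_b32, unix_time + d * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return True
    return False

if __name__ == "__main__":
    now = time.time()
    phone = totp(SAMPLE_SECRET, now)     # device 1 scanned the QR code
    laptop = totp(SAMPLE_SECRET, now)    # device 2 scanned the same QR code
    print("phone :", phone)
    print("laptop:", laptop, "(same secret, same clock window, same code)")
    print("expires in", seconds_left(now), "s; server accepts:",
          verify(SAMPLE_SECRET, phone, now))
```

Because the code depends only on the secret and the clock, anyone who obtains the QR code or secret can generate valid codes, so treat enrollment QR codes and backup codes like passwords.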


  17. Can I transfer the 2FA to my new device?

Use the add multiple devices option if available, or download the application on the new device, authenticate it using the older device and delete it on the old device if required, or disable 2FA and re-enable it using the new device.


  18. Can I migrate across varied 2FA utilities?

Yes. To migrate across different 2FA utilities, you need to disable 2FA using the utility that you would like to discontinue and then enable it with the one you want to use going forward.



GO TO: https://binghamton.edu/its/two-fa


Have any queries or concerns?

Check out our last 2FA blog as well! Also, you can contact the Help Desk at 607-777-6420 or helpdesk@binghamton.edu. We are happy to help you.