2-Factor Authentication Frequently Asked Questions

Two-factor authentication (2FA)

The following are the most commonly asked questions about 2FA:

2FA explained

  • What is Two-Factor Authentication (2FA)?

    Two-factor Authentication (2FA), sometimes referred to as multi-factor authentication, requires the user to provide two or more verification factors to gain access to a resource such as an application, online account or VPN. Instead of requiring only a username and password, 2FA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

  • Why is 2FA important?

    The use of 2FA will enhance Binghamton University's information security by requiring users to identify themselves by more than a username and password. While important, usernames and passwords are vulnerable to attacks by third parties that utilize programs to generate usernames and passwords to try to gain access to a user’s devices. Using a 2FA factor like a thumbprint or physical hardware key means increased confidence that the University’s data will stay safe from cyber criminals.

  • How does 2FA work?

    2FA requires additional verification information (factors). One of the most common factors that users encounter is the one-time password (OTP): a 4-8 digit code that you often receive via email, SMS or some sort of mobile app and that is for one use only. With OTPs, a new code is generated periodically or each time an authentication request is submitted. The code is generated from a seed value that is assigned to the user when they first register, combined with some other factor, which could simply be a counter that is incremented or a time value.

  • What are the three main types of 2FA authentication methods?

    Most 2FA methodologies are based on one of three types of additional information:

    • Things you know (knowledge), such as a password or PIN
    • Things you have (possession), such as a badge or smartphone
    • Things you are (inherence), such as biometrics like fingerprints or voice recognition
  • What are some examples of 2FA?

    Examples of 2FA include using a combination of these elements to authenticate:

    Knowledge

    • Answers to personal security questions
    • Password
    • OTPs (This can be both knowledge and possession: You know the OTP and you have to have something in your possession to get it, such as your phone.)

    Possession

    • OTPs generated by smartphone apps
    • OTPs sent via text or email
    • Access badges, USB devices, Smart Cards or fobs, or security keys
    • Software tokens and certificates

    Inherence

    • Fingerprints, facial recognition, voice, retina or iris scanning or other biometrics
    • Behavioral analysis
  • Do I use the same One-Time Passcode/six-digit code for Single Sign On (CAS) 2FA as for using the VPN? (New Feb. 5, 2021)

    No, at this time you will need to have two: one for Single Sign On/CAS and one for the Pulse Secure VPN/SSL. It's expected that, at a future date, ITS will combine them so you will only need one. 

  • Do I need to install the authenticator app on every device I use? (New March 24, 2021)

    No. If you install the authenticator app on your smartphone and you have your smartphone with you most of the time, you can easily get the second factor code from your phone no matter what device you use to log into CAS. 

    If you don't have a smartphone, then you need to consider how you are going to get the second factor code when you need to log into CAS. If you only log in at work, set up the browser plugin or app on that computer, then add the email option as a backup. If you find that you are logging in more often at home, you can install the authenticator and link it to CAS-2FA on additional devices at any time. ITS recommends that you have a backup option, such as email, no matter which authenticator option you select.

  • What if I'm in class and forgot my phone for my OTP (One-Time Passcode)? (New Feb. 5, 2021)

    Information Technology Services strongly recommends having a back-up method to get your OTP because the Help Desk is not able to override or disable 2FA.

    After you initially set up your authenticator app, you can print off a set of OTPs that you can keep in your wallet/purse, or set up authenticator apps on additional devices. You can also set up an email account to which the OTP can be emailed.

Google Authenticator

Binghamton has already implemented Google Authenticator for the 2FA for the Pulse Secure VPN, and is using Google Authenticator to implement 2FA for other systems. (See information on Authy below for an alternate authentication system.)

Using the Google Authenticator

Authy Authenticator

Help and support