As cybersecurity tools become more sophisticated, hackers shift toward targeting users,
not computers. If a hacker can discover an authorized user’s password, they’re far
less likely to sound any alarms as they access the university’s data and resources.
Computing has changed drastically in the past 30 years. We share and consume more
data today than at any previous point in history. There are also more people attempting
to make a living by stealing that data. It is time for the ways we authenticate to
catch up with modern needs. Multifactor authentication is a key piece of that puzzle.
What is multifactor authentication?
Multifactor authentication (MFA), sometimes referred to as two-step or two-factor
authentication, is an overly technical-sounding term for a very simple solution. Think
of it as “password plus.” It operates on the assumption that just because someone
knows your password, that doesn’t necessarily mean they are who they claim to be.
It is an easy way to make sure that the only one using your credentials is you.
How does it work?
The first common layer of security we are all familiar with is a password. We all
deal with passwords each day. But what happens if someone steals or discovers your
password? Anyone could access your accounts! That's where MFA comes in. Without MFA,
anyone who knows (or cracks) your password can gain access to your account. If MFA
has been enabled to protect an account, a password alone will not grant access.
Using MFA is similar to using your debit card at an ATM to get cash. To get cash,
you must have your debit card and know your PIN. Similarly, MFA combines something
you know (your password) with something you have (your phone, a token, a key fob,
Why do I need to use multifactor authentication?
Enabling an MFA service adds an additional layer of protection to your accounts and
the data you access through them. Think of MFA as a new deadbolt lock for your accounts.
Because MFA requires something only you have, if your password gets stolen, it will
be much more difficult for someone to access your account and subsequently compromise
Effective July 1, 2016, the State of South Carolina will require MFA to remotely access
systems on the USC network. MFA must be added on a system-by-system basis, beginning
with the VPN. You can expect to see it on other university applications, such as Banner,
BlackBoard, and PeopleSoft, over time.
Who can use multifactor authentication?
The university's implementation of DUO Security as an MFA solution is licensed to
include all faculty, staff, university affiliates, and students, with the capacity
for discretionary additions on a case-by-case basis.
If you believe a service should be protected by MFA through DUO Security, speak with
your local IT representative.
How do I get started?
To prepare for this new requirement, employees and students need to complete the enrollment
process. Watch the video for an overview of the setup process.
- DUO Security app for mobile devices with one-tap authentication (can be downloaded for free from your App Store),
- SMS passcodes (a text sent to your mobile phone),
- receiving a phone call to your desk or mobile phone to verify identity,
- hardware tokens (sold at University Bookstores),
- and one-time bypass codes (retrievable from my.sc.edu)
What systems will begin using MFA on June 5, 2017?
Beginning June 5, 2017, multifactor authentication (MFA), also known as two-step verification,
will be required to access the following additional systems.
Banner (XE, INB, SSB, Workflow)
Post Office Management
PeopleSoft (Self-Service, Training, and Web)
*Some portions of MY.SC.EDU, outlined below, are excluded from the multifactor authentication
Freshman & Preregistration Checklists
Professional School Seat Deposits
Enrollment & Fee Payment
**End-users will now be required to log in two times to access VIP resources.
The first login uses the user's network username and password, and requires completing the two-factor
authentication process (as a reminder, your Network Username is the first portion of your email address, which
is a combination of letters/numbers prior to the @ symbol).
The second login allows the user to choose between their VIPID or USCID to authenticate.
Duo Security is a multifactor authentication service that provides additional security for access to institutional and personal data. Duo offers several options for authenticating users: a mobile push notification, one-button
verification of identity to a smartphone, as well as voice and SMS verification. Ask
your local systems administrator or SA contact if Duo Security is right for you.