To protect against phishing and other exploits of stolen passwords, Information Services implemented Duo Security two-factor authentication for off-campus access to BannerWeb on February 5, 2019. Duo is also used for faculty, staff, and student use of our campus VPN.

Shana Bumpas, Director of Information Security says, “The volume of password dumps from data breaches, increases in computer power to crack passwords, and relentless onslaught of phishing attacks has rendered passwords nearly obsolete.  Username and password alone is no longer sufficient to protect access to systems and sensitive data.  Duo two-factor authentication (2FA) offers a second authenticator that is less susceptible to compromise because it is something the user has in their possession and cannot be downloaded, brute forced, or phished (when options are limited).  There are several cyberattacks that specifically target university’s ERP systems, like BannerWeb, and 2FA is the most effective method to protect against unauthorized access.”

In the past, individuals used only their NetID and password to log in to BannerWeb. Now, to log into BannerWeb from off campus, Duo Security is required. Two-factor authentication strengthens security by requiring two factors to verify your identity, such as something you know (NetID/password) plus something you have (mobile device/app). Using the free Duo Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes. An alternative is to purchase a Duo key fob at the UR SpiderShop.

Use of Duo Security two-factor authentication to access the VPN has been required since February 5, 2019. Students will need Duo for off-campus access to housing and registration in March and April. Instructions on how to set up two-factor authentication and how to log into BannerWeb using Duo are available on the Information Services website. If you have questions, please contact the Help Desk at helpdesk@richmond.edu or (804) 287-6400.