Two-Step Verification
Two authenticators to keep you safe
At UNC, there are 2 ways to 2-Step. We know that having more than one way to verify your identity might seem confusing at first, but these two industry-standard tools are the most effective ways to protect your accounts.
Office 365 has 2-Step Verification built-in.
For all other 2-Step uses on campus, including VPN and online W-2s, we use Duo Security.
Get Started: Download the Duo and Microsoft authenticator apps to your phone
Whether you are setting up 2-Step for use with Office 365 or applications that use Duo, the easiest method for both is to use the available phone apps. Simply search “Duo Security” and “Microsoft Authenticator” in your app store to download these free apps.
Enroll in 2-Step for Office 365 (Heelmail)
To setup 2-Step for Microsoft Office 365 (MFA) download and install the Microsoft Authenticator App to your device:
Go to office.unc.edu and at the UNC Login screen, you will be prompted to set up MFA.
Enroll in Duo Security
Duo Security is used by all non-Office 365 applications on campus that require 2-Step for access. To get started, visit onyen.unc.edu and click on “2-Step Verification for Duo.” You’ll need your PID and mobile phone to complete registration. Pro tip: be ready to set up a preferred method and a back-up option. That way, if you lose your phone or leave it at home, you’ll have an alternate way to authenticate your accounts.
How 2-Step Verification works
When you activate 2-Step, you will be required to log in with both your password and an additional security measure, such as:
- a code delivered via text or mobile app
- a push (or pop-up) notification on your smartphone
- a voice call delivered to your office or cell phone
How sign-in changes
- STEP 1: Enter your password. Whenever you sign in to a 2-Step protected account, you’ll enter your username and password as usual.
- STEP 2: You’ll be asked for something else to confirm the access request. A code or notification will be sent to your phone via text, mobile app or a voice call.
- STEP 3: Enter the code, accept the push notification, or answer the voice call. This confirms “you’re you.” Report any unexpected pushes or voice calls to 919-962-HELP as these errant notifications may be a fraudulent attempt to bypass the protection offered by 2-Step.
2-Step provides an extra layer of security
Activating 2-Step Verification boosts protection of your account from hackers. We are all used to having one layer of security — our password — to protect our accounts. With 2-Step, if bad guys get through the password layer, they will still need your phone or other second verification methods to get into your account.
If you receive a verification request on your phone that you didn’t prompt, you’ll know that someone is trying to access your accounts. You will deny that request and then work with the ITS Service Desk to reset your password and secure your account.
Protecting the University is a team effort
On our campus and at universities across the country, phishing emails are very common. All it takes is one person to click on a bad link and unknowingly share their credentials for a domino effect of compromised accounts to quickly proliferate across campus. In November 2017, there were more than 5,000 reports of phishing emails! Most of these reports were emails coming from legitimate University email addresses that had been compromised. 2-Step Verification can help keep bad guys out, even if they get your username and password through a phishing attempt.
Your credentials are valuable to criminals
When bad guys steal your username and password, they have the ability to lock you out of your account, and then do any or all of the following:
- Pretend to be you and send unwanted or harmful emails to campus
- Go through — or even delete — all of your emails, contacts, files, etc.
- Use your work account to reset the passwords for any of your personal accounts that may use your UNC email as the username (banking, shopping, etc.)
2-Step keeps both you and the University safer by adding an extra layer of security to the sign-in process.
2-Step Verification
Services that require 2-Step:
- Required for all faculty, staff, and students in Office 365
- Student Financials in ConnectCarolina (Duo)
- Online W-2 access (Duo)
- Campus VPN (Duo)
- Multiple IT administrative applications (Duo)
- 1-Phish, 2-Step rule
- ConnectCarolina Administrative Users
- Multiple applications for Research Administration
- Qualtrics (Duo)