For log on assistance, please contact the IS Support Desk at 792-9700.
Two-Factor Authentication at MUSC
General InformationSomething the user knows (e.g., password, PIN);
Something the user has (e.g., Hardware Token, Software Token, ATM card, smart card, phone); and
Something the user is (e.g., biometric characteristic, such as a fingerprint).
In order to protect against phishing attacks and further strengthen access to sensitive and patient data, MUSC is implementing two-factor authentication for remote access.
Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of "two or more" of the three authentication "factors" ("something the user knows", "something the user has", and "something the user is").
Two-factor authentication is commonly found in electronic computer authentication and seeks to decrease the probability that the requestor is presenting false evidence of his/her identity. Two factor authentication requires the use of two of the three regulatory-approved authentication factors. These factors are:
Frequently Asked Questions (FAQ)What happens if I do not have access to a phone (i.e. no service, dead battery, forgot to bring it with me, etc.)?
If you do not have access to the phone you registered to use with PhoneFactor (Windows Azure Active Authentication), you can login to the MUSC Two-Factor User Portal at https://2factor.musc.edu. You must wait approximately 120 seconds (2 minutes) for the user portal to time out trying to contact your phone. At that point, you will be presented with security questions that you setup during your initial enrollment. Answer the questions and you will be able to login and configure a one-time bypass, in order to access a protected service such as OWA, Webapps, or VPN.
I just upgraded my iPhone to iOS 7 and now I'm receiving a message "error processing authentication request". What do I do?
If you are still having issues, please contact the IS Support Desk at 792-9700.
To fix this issue, you will need to do the following:
1. Open the Multi-Factor (Windows Azure) app on your iPhone
2. Click "edit" in the top left corner
3. Delete the existing MUSC account by tapping the red circle and hitting delete
4. Go to the user portal at https://2factor.musc.edu and login (you may have to wait for the timeout and answer security questions unless you switched to phone call)
5. Click Activate Phone App from the left hand side navigation links
6. Deactivate your existing iPhone device (if present) by clicking the Deactivate link
7. Reactivate the phone app by clicking Generate Activate Code and then adding in the phone app with the + sign button
If you do not remember the answer to your security questions, you will need to contact the IS Support Desk at 792-9700. Ask them to switch you to voice call and make sure your phone number is correct. You can then login to the user portal via the voice call method, and reset your security questions.
How do I enroll in MUSC Two-Factor Authentication?
Visit https://2factor.musc.edu and login with your NetID. Follow the instructions to complete your enrollment. Detailed instructions, with screenshots are available here *NOTE YOU MUST ALLOW PUSH NOTIFICATIONS THROUGH TO YOUR MOBILE DEVICE OR THE APP WILL NOT WORK.
How can I keep an open MUSC connection without having to re-authenticate?
If you are going to be working off campus for an extended period of time, or accessing multiple resources at once, utilizing VPN is recommended. VPN is set to allow continuous access from the same IP, for a 24 hour period, without having to re-authenticate using the 2nd factor.
How will Two-Factor authentication be implemented at MUSC?
As of 10/01/2013, Two-factor authentication is required for remote access to MUSC resources that contain sensitive or protected information. The initial roll-out included Outlook Web Access, Citrix Webapps and VPN. Other systems, as required, will follow.
How does Two-Factor authenticaiton work at MUSC?
MUSC has purchased a product called PhoneFactor (which has been renamed to Windows Azure Active Authentication) to be used as the second factor of authentication. After entering your username and password, the MUSC Two-Factor system will either:
1) Place a voice call to your phone (cell or landline), indicating "This is MUSC calling to verify a login to your NetID. Press the # sign to complete your authentication or press 446 # to report fraud."
2) Push a notification to the Multi-Factor app installed on your smartphone or tablet. You will simply hit authenticate to complete your login.
Two-Factor authentication at MUSC works by placing a confirmation call or pushing a notification to your phone during the login process. You simply respond to the authentication request to confirm the login.
Will I be required to have my phone with me in order to login remotely?
Yes. Unless using the one-time bypass as described above, you will need access to a cell or landline phone in order to verify your login.
Do I need to install anything on my phone?
Users who authenticate via a phone call do not have to install anything on their phone. The call can be placed to any landline or mobile phone, including office phone numbers with extensions. Because there are no end-user devices, enrollment and training are a breeze.
For smart phone users who prefer to authenticate using the phone app, they simply download the phone app from the App Store and activate it using a code that is generated during the automated enrollment process.
How long does it take to authenticate?
Two-Factor authentication takes just seconds to complete. The authentication request is sent instantly when a user logs into an application or initiates a transaction protected by Two-Factor authentication. As soon as the user responds (by answering the call and pressing # or tapping Authenticate in the phone app), the login or transaction is completed.
What about access to e-mail via Outlook, Apple Mail, Thunderbird and other desktop e-mail clients?
Does this work everywhere or just in the US?
Two-Factor authentication at MUSC works anywhere you can receive a phone call or have data access. There is no additional cost for international phone app authentications.
What’s wrong with passwords?
Passwords are often the weakest link in data security. Users pick terrible passwords and bots and key loggers harvest passwords by the thousands. Phishing sites trick users into giving passwords away and those stolen passwords are passed around, sold, or posted on the Internet. Users reuse passwords in- and outside of the office network. They’re better than nothing, but most companies need something stronger than passwords.
What if I get an authentication request from MUSC Two-Factor when I’m not trying to log in?
This would only happen if someone else was trying to log into your account, and they already knew your password. Two-Factor authentication only occurs after the username and password are verified. So, if this happens, Two-Factor authentication has just saved your account from illicit access! Please be sure to press 446 # or tap the button on your phone app to report fraud so the MUSC Information Security office can take appropriate measures to further protect your account.