Beginning on July 23, 2024, enhanced multi-factor authentication (MFA) will be implemented for all members of the Division of IT.

As you may know, Virginia Tech continues to be impacted by phishing attacks that attempt to circumvent Duo Multi-Factor Authentication (MFA) protections. Since many DoIT team members have elevated access to critical systems and sensitive data, it is of vital importance that we maintain the highest level of security to enable uninterrupted support for the university’s needs. Our 2016 university-wide Duo MFA deployment yielded a significant reduction in compromised university accounts, but attacks have evolved, and the number of compromised accounts is once again increasing. The good news is that we have additional protections that we can deploy.

Enhanced MFA will be implemented for all Division of IT employees on Tuesday, July 23, 2024.

Enhanced multi-factor authentication (MFA) includes the following changes to the current authentication process:

• Disabling SMS and phone call second factor options. DoIT members will be required to authenticate using the Duo mobile app, an external device such as a YubiKey, or a soft token.
• The Duo mobile app will now require our team to verify the Duo Mobile push with a time-sensitive, generated number as part of the push notification process.
• Currently this is only applicable to Login.vt.edu

4Help Instructions for assisting users within DoIT:

1. Assist user with setting up the DUO mobile app. Follow instructions for setting up Duo Push found here: https://guide.duo.com/universal-prompt#add-or-manage-devices
2. Assist user with obtaining 10 temporary bypass codes:
   1. If you cannot authenticate with any second factor, follow the instructions at Lost, Forgot, Broke, or Unavailable 2-Factor Device instead of these instructions.
   2. Log in to the Virginia Tech accounts site at Accounts.it.vt.edu.
   3. Use the left-hand menu to navigate to the 2-Factor page.
   4. In the middle of the page click Generate passcodes.
   5. To confirm that you understand the warning displayed, click Generate.
   6. On the Web page, click Print.
   7. Your printer settings will appear. Select the printer you want to use, and then click OK.
   8. Store the printed paper in a secure location and use a pencil or pen to mark when you use each code. Each code can only be used once.
   9. Any Duo passcodes you previously printed from this Virginia Tech Web site will no longer work.
3. Assist user with older versions of DUO mobile app (earlier than 4.49) by attempting to assist the user in updating the DUO mobile app by having them attempt to manually update the DUO mobile app in Play Store (Android) or App Store (iOS)
   1. Note: Android 10 or earlier and iOS 14 or earlier cannot run 4.49
4. If you are unable to assist the user, escalate to IMCS.