The University of Colorado has implemented multi-factor authentication to improve protection of personal employee information available in the portal. It now takes two items – your password and your phone – to access sensitive information. This decreases the likelihood that others can access your data, even if they have your password.
How it works
Please watch this one-minute video to see how multi-factor authentication works:
No time for a video? Here are the basics.
- Log in to the portal, using your password.
- When you try to access or update a protected page in the CU Resources area, you will be asked to authenticate your identity. You will have two options: Receive a phone call or a text with a passcode.
- If you select Phone Call, choose one of your phone numbers listed in the drop down menu to receive the authentication call. You will get an automated call from the University of Colorado. Follow the instructions in the call and you will be authenticated.
- If you select Passcode, you must choose a “CELL” or “MOBILE” device from the drop down menu. Then, click on “Send SMS passcodes” to receive an SMS text message containing a passcode. Just enter that passcode into the portal's authentication screen, click "Log in" and you will be authenticated.
Only protected pages require authentication
The University of Colorado understands the demands placed on its faculty and staff, so it implemented multi-factor authentication to cause minimal disruption to your work day. You will be asked to authenticate your identity only when you try to access the following items in the CU Resources area of the portal:
- Direct Deposit
- Phone number (Only when you push the “Change phone numbers” button in Employee Profile)
Example: If you view your phone number in the Employee Profile page, you won’t be asked to authenticate. But when you click the “Change phone number” button, you’ll be asked to authenticate your identity. After you authenticate once, you will be able to access all of your information for the rest of your portal session. Your authentication will last up to 8 hours as long as your session does not terminate.
Frequently Asked Questions
Who do I contact for help if I have problems using the authentication system?
If you are a retiree or surviving spouse, please contact Employee Services at 303-860-4200, option 3, or EmployeeServices@cu.edu for assistance.
For other issues, please email Employee Services at email@example.com. Please include your name, employee ID, contact information and a description of the problem.
What is multi-factor authentication?
Unfortunately, passwords aren’t as secure as they used to be. If someone gets your password, they can access your account without any fuss.
Multi-factor authentication seeks to decrease the likelihood that others can access your data. It takes two items to access and update your information: “something you know” (like your password) and “something you have” (like your phone).
One simple example: Using an ATM machine. When you visit an ATM, one authentication factor is the ATM card you use to start the transaction. That’s the “something you have.” Next, you enter a PIN number, which is the “something you know.” Without both of these factors, your authentication will fail.
Why did CU implement this multi-factor authentication?
Increasingly, colleges and universities are a target for cyber criminals using fake ".edu” email addresses, according to the FBI and U.S. Department of Homeland Security. The enhanced security is CU’s response to late 2013 phishing attacks that tricked several employees into giving their passwords to cyber criminals, who then altered their direct deposit information and stole their paychecks.
The university implemented authentication software from Duo Security, whose technology is used by the University of California Berkley, University of Michigan, Michigan State, University of Minnesota, University of Illinois and many major corporations.
How does the Duo Security software get my phone numbers?
Which HRMS phone types are available for use in Duo?
What should I do if I need to update my phone numbers in Duo?
If you are not able to authenticate yourself in order to change your phone information via self-service, please contact your department’s payroll liaison for assistance. Changes made by you via self-service and changes made directly in HRMS by your payroll liaison will be sent in real-time to Duo and be reflected in the Duo authentication page the next time you use it.
What if I can’t update my phone information in the portal since multi-factor authentication is required?
What Phone types from HRMS will have the SMS passcode option on the Duo authentication page?
How do I get the SMS passcode option?
Can the system handle international phone numbers?
How long will my authentication last?
I’ve updated all of my phone data in HRMS, but I still see another phone in the DUO page called MOBILE, why?
I only own one phone number, a CELL phone. Should I populate that CELL number in both the CELL and HOME phone types?
No, use unique numbers in HRMS, do not use the same number more than once. If you prefer to receive alerts from CU via text message, be sure that you have entered your cell phone number in the “cellular” phone field.
In DUO a phone number can exist only once, unlike in HR where phone numbers do not have to be unique. Customers should only use Cell phone numbers in the CELL phone type in HRMS as that phone type is the only one that has SMS (text) abilities.
If the customer does not have a Home or Campus number they should just leave those phone types blank.