The University of Colorado has implemented multifactor authentication to improve protection of personal employee information available in the portal. It now takes two items—your password and your phone—to access sensitive information. This decreases the likelihood that others can access your data, even if they have your password.
How it works
Please watch this one-minute video to see how multifactor authentication works:
No time for a video? Here are the basics.
- Log in to the portal, using your password.
- When you try to access or update a protected page in the CU Resources area, you will be asked to authenticate your identity. You will have two options: Receive a phone call or receive a text with a passcode.
- If you select "phone call," choose one of your phone numbers listed in the drop-down menu to receive the authentication call. You will get an automated call from the University of Colorado. Follow the instructions in the call, and you will be authenticated.
- If you select "Text,"" you must choose a "CELL" or "MOBILE" device from the drop-down menu. Then, click on "Send SMS passcodes" to receive an SMS text message containing a passcode. Just enter that passcode into the portal's authentication screen, click "Log in" and you will be authenticated.
Only protected pages require authentication.
The University of Colorado understands the demands placed on its faculty and staff, so it implemented multifactor authentication to cause minimal disruption to your workday. You will be asked to authenticate your identity only when you try to access the following items in the CU Resources area of the portal:
- direct deposit
- phone number (only when you push the “Change phone numbers” button in "Employee Profile")
- Employee Profile
- Benefits Summary
Example: If you view your phone number in the "Employee Profile" page, you won't be asked to authenticate. But when you click the "Change phone number" button, you'll be asked to authenticate your identity. After you authenticate once, you will be able to access all your information for the rest of your portal session. Your authentication will last up to eight hours as long as your session does not terminate.
Frequently Asked Questions
Whom do I contact for help if I have problems using the authentication system?
If you are a retiree or surviving spouse, please contact Employee Services at 303-860-4200, option 3, or EmployeeServices@cu.edu for assistance.
For other issues, please email Employee Services at email@example.com. Please include your name, employee ID, contact information and a description of the problem.
What is multifactor authentication?
Unfortunately, passwords aren't as secure as they used to be. If someone gets your password, they can access your account without any fuss.
multifactor authentication seeks to decrease the likelihood that others can access your data. It takes two items to access and update your information: “something you know” (like your password) and “something you have” (like your phone).
One simple example: Using an ATM machine. When you visit an ATM, one authentication factor is the ATM card you use to start the transaction. That's the “something you have.” Next, you enter a PIN number, which is the "something you know."" Without both of these factors, your authentication will fail.
Why did CU implement this multifactor authentication?
Increasingly, colleges and universities are a target for cyber criminals using fake ".edu" email addresses, according to the FBI and U.S. Department of Homeland Security. The enhanced security is CU's response to late 2013 phishing attacks that tricked several employees into giving their passwords to cyber criminals, who then altered their direct deposit information and stole their paychecks.
The university implemented authentication software from Duo Security, whose technology is used by the University of California Berkley, University of Michigan, Michigan State, University of Minnesota, University of Illinois and many major corporations.
How does the Duo Security software get my phone numbers?
Which HCM phone types are available for use in Duo?
What should I do if I need to update my phone numbers in Duo?
If you are not able to authenticate yourself in order to change your phone information via self-service, please contact your department's payroll liaison for assistance. Changes made by you via self-service and changes made directly in Human Capital Management (HCM), CU's HR tool, your HCM user will be sent in real time to Duo and be reflected in the Duo authentication page the next time you use it.
What if I can't update my phone information in the portal since multifactor authentication is required?
What Phone types from HCM will have the SMS passcode option on the Duo authentication page?
How do I get the SMS passcode option?
Can the system handle international phone numbers?
How long will my authentication last?
I've updated all of my phone data in HCM, but I still see another phone in the Duo page called MOBILE. Why?
I only own one phone number: a CELLPHONE. Should I populate that CELL number in both the CELL and HOME phone types?
No, use unique numbers in HCM; do not use the same number more than once. If you prefer to receive alerts from CU via text message, be sure that you have entered your cellphone number in the "cellular" phone field.
In Duo, a phone number can exist only once, unlike in HCM, where phone numbers do not have to be unique. Customers should only use cellphone numbers in the CELL phone type in HCM as that phone type is the only one that has SMS (text) abilities.
If the customer does not have a Home or Campus number they should just leave those phone types blank.