2FA Banner

Two Factor Authentication (2FA) Details

Register your device now using the registration tool.  (2fa.cdu.edu.au)

Security has always been about challenging a person to prove they have the right to access something. In the past, having something like a key, combination or password (a single factor) was enough to stop unauthorised access.  However, as attackers have become more sophisticated, the use of one challenge has become less secure. To combat this increased risk, single factor authentication is being supplemented by the addition of other factors, to improve security.

How to register your Mobile Device

To register a device for 2FA at CDU please watch the video. (85 secs)

You can make the video full screen by clicking the double headed arrow in the top right corner after it has started. You can also pause the video or scroll back at any time to review the information.

What is Two Factor Authentication? (2FA)

The point of Two (or more) Factor Authentication is to improve the security of the information held by CDU. To make sure that only the people that are authorised to access information, are the ones able to do so. It makes it a lot more complex for someone, not entitled, to access information, because they have to circumvent the different types of authentication.

Open all | Close all

Two Factor Authentication at CDU

Why Two Factor Authentication (2FA)?

CDU has always used passwords to protect computers. These used to be simple and never changed, which didn't provide much in the way of security. Rules for the complexity of passwords and the frequency they needed to be changed were put in place. One of our goals is to make things more convenient for staff, by allowing them to type one password and be allowed to access everything they have permission to, which is called "single sign on". This has the disadvantage that if the password is compromised, the unauthorised person has access to everything, whereas before it might have been only been one system.

With the prevalence of phishing emails and the move to "single sign on", it is becoming more important than ever to protect our systems. That's where 2FA comes into the picture, as the access available from getting a users password becomes greater, the level of protection must also increase.

How will 2FA affect me?

If you only access the CDU Portal on-campus, you will not notice any difference. You will only be affected if you access CDU services away from the CDU network. You can start using 2FA now by registering your mobile device now by going directly to the CDU registration tool.  (2fa.cdu.edu.au) or in the CDU Portal (see below).

Note: At this stage, 2FA is only being implemented for CDU Staff. It will NOT affect Students.

How to register a device for Two Factor Authentication (2FA) at CDU?

To use Two Factor Authentication at CDU you need to register a device.

When you first go to access something that requires Two Factor Authentication and you haven't registered a device, you will be prompted to register one. You will be stepped through the short one off registration process.

Register your device now using the registration tool.  (2fa.cdu.edu.au)

or register your device by going to the Portal.

Click your username on the top right corner (1) followed by choosing the "My Account" menu option (2). You can manage your 2FA settings by selecting "Two Factor Auth" from the navigation menu on the left (3).

Accessing 2FA

Click the "Register/Re-Register" button and follow the instruction on the page.

Mobile Device Applications

You will need to install a One Time Passcode application on your mobile device.

FreeOTP Athenticator

FreeOTP Authenticator

We recommend FreeOTP Authenticator which is available free for Android and iOS (Apple Devices) mobile phones.

Managing your CDU Two Factor Authentication (2FA) Settings

2FA Settings

You can access your 2FA settings by going to the portal and clicking your username on the top right corner (1) followed by choosing the "My Account" menu option (2). You can manage your 2FA settings by selecting "Two Factor Auth" from the navigation menu on the left (3).

Accessing 2FA

The settings page provides users the option to de-register a currently registered 2FA device and replace it with another. This might be required if you were to update, replace or lose your phone.

Note: Only one device can be registered at a time.

Backup Codes

The portal allows a user to have 5 backup codes that can be used once each in conjunction with your password to gain access. These codes must be kept in a safe place because they act as a backup should your 2FA device not be available. These are available in your 2FA settings screen.

Note: If you lose your Backup Codes or have used all of them, you can regenerate 5 new codes by choosing "Manage my Backup Codes" then clicking the "Regenerate All Codes" button.

I am no longer in possession of my 2FA device (De-Registering my Device)

In the instance that you no longer have access to your registered 2FA device, you will need to disassociate it with your CDU account 
Log into the CDU Portal.
Accessing 2FA
  1. Click your name on the top right to bring down the options menu.
  2. Choose My account
  3. Choose Two Factor Authentication from the navigation menu
  4. If you would like to
    - remove your device completely, choose “Deregister device
    - replace your current device with a new one, choose “Register/Reregister
  5. Follow the onscreen prompts. 
Note: Please remove the CDU Portal entry in your preferred OTP app (eg FreeOTP) on your device before re-registering again.

Example: If you use FreeOTP, here is how to remove the CDU Portal entry from within the app.

How do I make sure my mobile has the correct time to use 2FA?

It is important that a mobile has a fairly accurate time for the FreeOTP to give the correct code when asked.

Mobile time diagram

To make sure that this occurs, the mobile should be getting the time from the Mobile Network. Below are instruction for Android and iOS on how to make sure that the mobile get the mobile network time.

Android

Android time Sync

Go to Settings and Select General Management (1)
Select Date and Time (2)
Make sure Automatic date and time is turned on (3)

iOS

iOS time Sync

Go to Settings and Select General (1)
Select Date &Time (2)
Make sure Set Automatically is turned on (3)

I can't add scan the QR Code, what can I do?

If you find you can't scan the QR Code, you can add it manually.

Android

IOS (Apple)

Click the "Key with the +" at the top of the FreeOTP
application.

Manually adding a secret key

In the first line put your CDU username eg "jbond"

In the second line type "CDU Portal" without the quotes.

Then type the Secret Key that is displayed on
the computer screen.

Check you have typed everything correctly and
click Add

For iPhones and other Apple devices use the example below

2FA Secret Code for IOS

Once you have filled in the blanks click "Save"

This will add the CDU Portal to your FreeOTP application instead of having to scan the QR Code.

Note: The other settings should not be altered.

How do I register for 2FA from outside Australian mobile phone coverage?

If you are outside Australia or in a remote area outside of Australian mobile phone coverage and you need to register for 2FA, please contact the ITMS Service Desk or log a job in LogIT and they will assist you with the process, after they have verified your identity.

Once they have verified your identity they will pre-register your mobile number and let you know. You will then be able to go through the registration process for 2FA.

When you get to the part about entering your mobile number, this will already be filled in and you will be able to go to the next step and complete the registration process. If you are away from mobile network coverage of any kind, you will need to use the FreeOTP application which does not rely on being connected and only needs to have the correct time to work.

Types of Two Factor Authentication

Currently the authentication factors are;

Type

Examples

Prevalence

Something you knowPasswords, combinations, personal questions, swipe patternsVery Common
Something you haveKeys, swipe/ID cards, passports, tokens, SMS messages to your phone, mobile deviceCommon
Something you areFingerprints, iris scans, palm prints, facial recognitionUncommon
Something you doHow you speak, type, walkRare and experimental

Quick Quiz

ITMS

Contact information

W: logit.cdu.edu.au

Location
IT Kiosk, Red 1, Casuarina campus
Office hours: 8am - 4pm, Mon- Fri (CST)

Telephone
08 8946 6600 (ext 6600)
Phone hours: 7:30am - 6pm (Mon - Thu)
7.30am - 5.30pm (Fri)

News

ADAPT Technologies


The ADAPT technologies make it easier to access your work across a variety of devices.

Find out more about how ITMS are making the transition to ADAPT.

Related links