skip to main content

Authentication & Authorization Services

Two-Factor Authentication

Authentication

Electronic Authentication is the process of establishing confidence in user identities that are presented in online environments. Application developers are often faced with a choice of mechanisms based on a wide variety of technologies to perform local or remote authentication. The use of Multi-Factor Authentication adds an increased layer of security to transactions by using multiple forms of authentication mechanisms during a transaction.

Authentication Mechanisms

Authentication material used to confirm a Subject's identity is categorized into one of three types or factors:

  • Something you know (for example, a password)
  • Something you have (for example, an ID badge)
  • Something you are (for example, a fingerprint)

One measure of the strength of an authentication system is the number of factors incorporated into the system. Two-factor implementations are considered to be stronger than those that use only one factor; implementations that utilize all three factors are stronger than those that only use two factors.

Determining Need for Two-Factor Authentication

The decision to require Two-Factor Authentication for a particular application is based on the potential harm or impact of an authentication error. Categories of harm and impact include:

  • Inconvenience, distress, or damage to standing or reputation
  • Financial loss or institution liability
  • Harm to institution programs
  • Unauthorized release of sensitive information
  • Personal safety
  • Civil or criminal violations

Two-Factor Authentication is one strategy application developers can take to mitigate risks associated with unauthorized access to the application.

Texas A&M InCommon Two-factor Authentication Service

The Texas A&M University System has selected the InCommon Two-factor Authentication program with Duo Security to provide two-factor authentication to Service Providers needing enhanced security. Duo's Two-factor Authentication is a cloud-based second-factor authentication with no software to install and no server to set up. Duo has patented technology and drop-in integrations to enable IT customers to easily integrate Duo into an existing application login workflow. The Duo model primarily relies on smartphones to be the device in the user's possession. Most users will like the ease and convenience of using phones to verify their identity.

Oversite

Each Texas A&M System Member manages their own Duo instance. Texas A&M IT's Identity and Access Management Team has been designated as the Registration Authority Office for this service and is responsible for overseeing the TAMU (02) Two-factor Authentication Service. The documentation on this website pertains solely to the TAMU (02) Duo offering.

Duo Architecture

Two-Factor Authentication @ Texas A&M