Information about two-factor authentication

Two-factor authentication is an additional level of login security. With two-factor authentication, you log in with an extra factor; meaning you log in with something you know (username and password) and also something you have (e.g. your mobile phone).

Why use two-factor authentication?

Identity theft has now become far more common in Norway than just a few years ago. Two-factor authentication reduces the risk of unauthorized users taking over your user account.

One can read in the news about universities and municipalities that are completely put out of action by unauthorized people "stealing" data by encrypting it and demanding money to decrypt the data again. This type of "burglary" often starts with one user account being hacked.

Two-factor authentication secures your user account by preventing unauthorized persons from logging into your user account even if they know your username and password.

Two-factor authentication should be applied to all user accounts where possible, both at work and in private.

 

Who in the USN has to use two-factor authentication?

Everyone who has a USN user account, including guest users (Teams), must enable and use two-factor authentication.

USN is an institution that, through its activities, processes large amounts of information. Much of our value creation is achieved through our employees' production of new knowledge and the development of technology. This knowledge can be attractive to criminal elements, other countries' intelligence, competitors and more.

Norway today faces a complex threat and risk picture concerning the use of digital technology. The National Security Authority (NSM) is experiencing increasingly advanced and efficient networking operations targeting Norwegian businesses, and the Police Security Service (PST) has put state intelligence at the top in its assessment of threats in 2019 and 2020.

USN employees and students are the most important weapon/tool we have to maintain the security of our digital everyday lives. USN depends on you making the right assessments and choices. Everyone has a responsibility to gain knowledge about the security threats and what to do to avoid them. To help us, we have a number of security products and measures.

Two-factor authentication is one of these security measures.

Guest users

Guest users are, among other things, users who have been invited to a Team located in the USN organization. From Monday 12 December 2022, USN has a requirement for two-factor authentication for guest users.

There are different scenarios that apply to guest users.

If you are invited via a "work or school account" and already have a requirement to use two-factor authentication in your own organization, you probably won't notice much.

If you do not already use two-factor authentication, you will encounter a wizard to register a two-factor method. If you are invited via a "work or school account", you will meet your own organization's two-factor wizard. The two-factor method you then register is stored in your own organization.

If you are invited via an email address that is not a "work or school account", you will encounter USN's two-factor wizard. The two-factor method you then register is stored in USN's system.

The easiest (and most secure) way to use two-factor authentication is to use the "Microsoft Authenticator" app and follow the recommended method in the wizard. When you are later asked to confirm login via two-factor, this happens via a notification on the phone that you can quickly approve.

Which services will be covered by the two-factor authentication?

Initially, we are enabling two-factor authentication for all the Microsoft 365 services we use, as well as pc.usn.no.

Microsoft 365 is Microsoft's cloud service where USN uses tools such as e-mail (Exchange), OneDrive, Teams, Forms, Planner and more.

Logging in to a USN administered computer, Eduroam, and more was not covered by this change.

For guest users, the two-factor authentication only apply to Teams. The sharing of folders or documents from a USN user's OneDrive is not affected by this, as that type of sharing is done using other security mechanisms.

From 15.03.24 two-factor authentication (strong authentication) has been introduced on all Feide services except WISEflow, Lovdata and Innsyn. There are two choices for two-factor, Entra-ID (Microsoft account) and ID-porten, and it is recommended to use Entra-ID by selecting Use work or school account in the first Feide login window. See information under Feide services on this website.

How does two-factor authentication work?

After activating and setting up two-factor authentication, one must authenticate with factor two (e.g. a mobile phone) at each login to the different Microsoft 365 services that you use on each device (PC, mobile phone, tablet) you use these on.

When logging in with two-factor authentication, one often have the choice to not be asked for factor two again for another 60 days. We recommend doing this. If you do, you will only have to use factor two if you log in from a new device, if you use a new service in Office 365, or when 60 days have passed from the previous factor two authentication on a given device and service.

If you receive an authentication request on your mobile device without having logged in to a Microsoft 365 service, it is important that you do not approve this request. This may be a sign that unauthorized persons have obtained your username and password and are trying to log in to your user account. In such cases, you must immediately change your password and contact IT support to notify about what has happened.