Information about two-factor authentication

Two-factor authentication is an additional level of login security. With two-factor authentication, you log in with an extra factor; meaning you log in with something you know (username and password) and also something you have (e.g. your mobile phone).


Why use two-factor authentication?

Identity theft has now become far more common in Norway than just a few years ago. Two-factor authentication reduces the risk of unauthorized users taking over your user account.

One can read in the news about universities and municipalities that are completely put out of action by unauthorized people "stealing" data by encrypting it and demanding money to decrypt the data again. This type of "burglary" often starts with one user account being hacked.

Two-factor authentication secures your user account by preventing unauthorized persons from logging into your user account even if they know your username and password.

Two-factor authentication should be applied to all user accounts where possible, both at work and in private.

 

Who in the USN has to start using two-factor authentication?

Everyone who has a USN user account must enable and use two-factor authentication.

Two-factor authorization has already been activated for all USN employees. Starting in August 2021, all new students must also use two-factor authentication. Shortly thereafter, two-factor authentication requirement will also be rolled out to existing students.

USN is an institution that, through its activities, processes large amounts of information. Much of our value creation is achieved through our employees' production of new knowledge and the development of technology. This knowledge can be attractive to criminal elements, other countries' intelligence, competitors and more.

Norway today faces a complex threat and risk picture concerning the use of digital technology. The National Security Authority (NSM) is experiencing increasingly advanced and efficient networking operations targeting Norwegian businesses, and the Police Security Service (PST) has put state intelligence at the top in its assessment of threats in 2019 and 2020.

USN employees and students are the most important weapon/tool we have to maintain the security of our digital everyday lives. USN depends on you making the right assessments and choices. Everyone has a responsibility to gain knowledge about the security threats and what to do to avoid them. To help us, we have a number of security products and measures.

Two-factor authentication is one of these security measures.

 

 

Which services will be covered by the two-factor authentication?

Initially, we are enabling two-factor authentication for all the Microsoft 365 services we use, as well as pc.usn.no.

Microsoft 365 is Microsoft's cloud service where USN uses tools such as e-mail (Exchange), OneDrive, Teams, Forms, Planner and more.

Logging in to a USN administered computer, Feide services, Canvas, Agora, Public 360 and more will continue to be without two-factor authentication.

 

How does two-factor authentication work?

After activating and setting up two-factor authentication, one must authenticate with factor two (e.g. a mobile phone) at each login to the different Microsoft 365 services that you use on each device (PC, mobile phone, tablet) you use these on.

When logging in with two-factor authentication, one often have the choice to not be asked for factor two again for another 60 days. We recommend doing this. If you do, you will only have to use factor two if you log in from a new device, if you use a new service in Office 365, or when 60 days have passed from the previous factor two authentication on a given device and service.

If you receive an authentication request on your mobile device without having logged in to a Microsoft 365 service, it is important that you do not approve this request. This may be a sign that unauthorized persons have obtained your username and password and are trying to log in to your user account. In such cases, you must immediately change your password and contact IT support to notify about what has happened.