What happens if I don’t have my phone with me?
If you’re using a device that you’ve used before and ticked the “Don’t ask me again on this device” checkbox, then nothing; you don’t need your phone to log in to devices in this situation at all. If you’re logging in on a device you haven’t used before and you don’t have your phone with you, then we also support one-time use codes which can be printed out for a wallet or purse, say, and then used once if you don’t have your phone, then discarded.
Which applications and processes will be covered by 2FA?
Everything which is currently covered by Web Single Sign-on will become covered by 2FA. Notably, that includes SiteBuilder, Tabula, My Warwick, SITS (when accessed through a web browser) and Sharepoint. It doesn’t affect the way you log into your PC itself, or logging into a machine in a teaching room. So logging in to a lectern PC and getting to PowerPoint, your H drive and a web browser won’t involve 2FA. Only if you then wanted to sign in to, say, SiteBuilder in the lecture theatre would 2FA be required.
What happens if I’m somewhere where there’s no signal?
We recommend using an authenticator app on your phone, rather than relying on SMS. If you use an authenticator app then your phone can generate a 2FA token without needing any kind of signal or Wi-Fi connection.
How frequently will I be asked to enter a 2FA token after I’ve ticked “Don’t ask me again on this device”?
Once every six months.
My phone won’t run an authenticator app. How will it work for me?
Authenticator apps are available for iPhone, Android and Windows handsets. If you have a different sort of phone, or you don’t want to install an app, then you can use SMS instead, and have a text message sent to your phone containing a 2FA token. This does mean that you’ll need a signal to receive a text message when you’re using a new device for the first time.
What happens when I get a new phone?
You’d install the authenticator app on it, then visit a 2FA setup web page on a device you’ve previously trusted to confirm that your new phone should be allowed to generate 2FA tokens for you. If you’re receiving 2FA tokens via SMS and your number hasn’t changed, then you wouldn’t need to do anything; text messages would continue to be delivered to your new phone.
I don’t want to use my mobile phone for this. How will it work for me?
The university can supply keyfob devices to people who don’t have, or don’t want to use, a mobile phone. The authentication process using a keyfob device is not as seamless as when using a phone, and it does mean carrying an extra device with you.
2FA isn’t appropriate for me. Is there a way I can opt out?
If you believe that there is a specific reason why 2FA isn’t appropriate for you (bearing in mind that it is now a reasonably standard security practice in most organisations) then by agreement with your Head of Department and the Director of IT Services, it is possible, in exceptional circumstances, to turn 2FA off for an individual.
Will 2FA apply to PCs in teaching rooms?
Not for logging in to the lectern PC or opening PowerPoint or your H drive or a web browser. Only if you needed to sign in to a Warwick web application (eg SiteBuilder, Tabula, SharePoint, etc) from a lectern PC would you need to have a phone with you to enter a 2FA code.