Auburn implements 2-factor authentication for VPN

In response to recent phishing scams and related vulnerabilities, Auburn has implemented a high-security login process referred to as 2-factor authentication. This new login process will be required for VPN users.

"2-factor authentication," specifically in this case, means individuals using the AnyConnect VPN Client will log in with their Auburn username and password (1st factor - something you know) and confirm their identity using a physical device in their possession (2nd factor - something you have). With the use of a second factor (physical device), an attack on your password isn't enough to allow unauthorized access to your information.

The physical device may be a smartphone or tablet (University-issued or personal) using the Duo Security app, a text message to a mobile phone, pressing a hardware token device like a University-issued yubikey, or an automated voice call to a landline or cell phone.

HOW TO REGISTER A DEVICE

Devices are registered at auburn.edu/2factor. Information and instructions can be found at auburn.edu/oit/2factor.

NEW VPN INSTRUCTIONS

You should still connect to auvpn.auburn.edu from the AnyConnect VPN Client, but instead of selecting the AUSEC profile, choose 2FACTOR. After the initial login, the DUO Security software on our servers will attempt to contact you via the secondary methods you established.  The VPN client will wait for you to respond to this request before proceeding to grant you authorization. If it does not receive the expected response, it will timeout and/or disconnect.

VPN instructions are detailed at auburn.edu/oit/vpn.

WHERE TO GET HELP

Easy-to-follow instructions have been created at auburn.edu/oit/2factor; however, if you require more hands-on assistance and you are an employee, contact your local IT Provider. All other individuals should contact the OIT HelpDesk.

DEADLINE FOR SWITCHOVER

University employees and students may begin using the secure, 2-factor method of VPN immediately. Shortly after you register a device, the 2-factor method of VPN will be your only method of VPN. On July 15, 2016 the AUSEC VPN profile will be removed and all users must use 2FACTOR for normal VPN access to the Auburn University network.

Last Updated: August 23, 2016