G Suite (such as Gmail and Google Drive) for staff will become the first application with Duo 2FA enabled. Duo 2FA support for other applications will be gradually introduced in due course.
What is two-factor authentication? Why do I need it?
Traditionally, access to University IT resources requires you to provide username and password. While it is an effective way to protect your data, protection with password only is increasingly easy to be compromised. It can often be stolen, guessed or hacked – you may not even know someone is accessing your account.
Two-factor authentication adds a second layer of security to your accounts. Verifying your identity using a second factor (e.g. your smartphone with an app) to approve authentication requests prevents anyone but you from logging in, even if they know your password.
How it works?
Using Gmail for staff as an example,
Enter your email address at Gmail sign in screen as usual.
Gmail recognizes that your account is protected by Duo 2FA, and you will be redirected to a dedicated HKBU login page to enter your SSOid and password.
After inputting your login information, you will be asked to either respond to a push message OR enter a one-time passcode to verify your identity – both can be done via your mobile device.
You are now securely logged in
Register your mobile device starting 4 January 2018 by following the simple instruction given in the User Guide (refer to ‘Policies & Guidelines’ tab).
It will guide you through for a self-enrollment process to get your mobile device registered as the second authentication factor. The process is very simple and should take only 2 minutes. Please feel free to contact our Customer Service Call Centre if you need further assistance.
Systems Protected by Duo Two-Factor Authentication
G Suite (such as Gmail and Google Drive) for staff will be the first application having Duo two-factor authentication enabled. Dates for other central IT services to be 2FA enabled will be announced in due course.
Each University staff / student is entitled to a Single Sign On user id (SSOid) account for the duration of his/her association with HKBU to access intranet and U-wide IT services.
When an SSOid account is first created, it must be activated before it can be used. To safeguard security, rules have been implemented regarding the format and expiration period of the password of an SSOid. Please refer to the User Account Password Policy.
- What is SSOid?
- What HKBU IT services will my SSOid account allow me to access?
- I am new to HKBU, how do I register / activate my SSOid?
- I forgot my SSOid password, how do I reset my password?
- How do I change my SSOid password?
- Where do the security questions come from?
- How do I change the security questions/answers for my SSOid?
- What do I do if I cannot answer the security question?
- Can I request for an additional email account?
- Two-Factor Authentication (2FA) FAQ