After elaborate technical evaluation and testing, an advanced 2FA solution by DUO has been implemented since 4 January 2018 with G Suite (such as Gmail and Google Drive) for staff being the first application with DUO 2FA enabled. Starting on 11 February 2019, the following services will also be protected by DUO 2FA :
– Webpages that are protected by Portal Login
– VPN (for General User and IT Administrator)
What is two-factor authentication? Why do I need it?
Traditionally, access to University IT resources requires you to provide username and password. While it is an effective way to protect your data, protection with password only is increasingly easy to be compromised. It can often be stolen, guessed or hacked – you may not even know someone is accessing your account.
Two-factor authentication adds a second layer of security to your accounts. Verifying your identity using a second factor (e.g. your smartphone with an app) to approve authentication requests prevents anyone but you from logging in, even if they know your password.
How it works?
Using Gmail for staff as an example,
Enter your email address at Gmail sign in screen as usual.
Gmail recognizes that your account is protected by Duo 2FA, and you will be redirected to a dedicated HKBU login page to enter your SSOid and password.
After inputting your login information, you will be asked to either respond to a push message OR enter a one-time passcode to verify your identity – both can be done via your mobile device.
You are now securely logged in
Register your mobile device starting 4 January 2018 by following the simple instruction given in the User Guide (refer to ‘Policies & Guidelines’ tab).
It will guide you through for a self-enrollment process to get your mobile device registered as the second authentication factor. The process is very simple and should take only 2 minutes. Please feel free to contact our Customer Service Call Centre if you need further assistance.
Systems Protected by Duo Two-Factor Authentication
– G Suite (such as Gmail and Google Drive) for staff
– BUniPort (starting 11 February 2019)
– Webpages that are protected by Portal Login (starting 11 February 2019)
– VPN (for General User and IT Administrator) (starting 11 February 2019)
More central IT services will also be 2FA enabled. Announcement will be made in due course.
Each University staff / student is entitled to a Single Sign On user id (SSOid) account for the duration of his/her association with HKBU to access intranet and U-wide IT services.
When an SSOid account is first created, it must be activated before it can be used. To safeguard security, rules have been implemented regarding the format and expiration period of the password of an SSOid. Please refer to the User Account Password Policy.
For details on User Account (SSOid) Management Policy, please click here (for ITO personnel only).
- Guidelines on using 2FA [View Guideline]
- Register Your First Mobile Device for 2FA [View Guideline / Watch Demo Video]
- Activate Duo Mobile App on a New Phone [View Guideline]
- Register / Manage your Device for 2FA [Watch Demo Video / Go to Portal]
- Get Emergency Access Code for 2FA (Account Access without a Mobile Device) [Watch Demo Video / Go to Portal]
- What is SSOid?
- What HKBU IT services will my SSOid account allow me to access?
- I am new to HKBU, how do I register / activate my SSOid?
- I forgot my SSOid password, how do I reset my password?
- How do I change my SSOid password?
- Where do the security questions come from?
- How do I change the security questions/answers for my SSOid?
- What do I do if I cannot answer the security question?
- Can I request for an additional email account?
- Two-Factor Authentication (2FA) FAQ