Knowledgebase: delaGATE
How to Enable 2-Step Verification for delaGATE
Posted by Donald Sloat, Last modified by Donald Sloat on 02 December 2017 03:12 AM

What is 2-Step Verification?
2-Step Verification helps protect your account from unauthorized access should someone manage to obtain your password. Even if a password is cracked, guessed, or otherwise stolen, an attacker can't sign in without access to the user's additional verification. After logging in with your username and password you’ll be prompted to verify your identity—the second step—using something in your possession, such as a mobile phone, backup code or key fob.

Who should enroll in 2-Step verification?
All users are encouraged to enroll to protect their personal data and improve overall security by enabling 2-Step verification. Depending on level of access, some employee are required to 2-Step verification. All users with remote access will be required to enroll in 2-Step verification by 03/19/18. Many other Colleges and Universities have implemented 2-Step verification, as have most major service providers such as Google, Facebook and Twitter. Please consider enabling 2-Step verification not only for DCCC, but also for your other personal accounts. 

How do I get started?

Watch the video below for step by step instructions on how to enroll your account in 2-Step Verification.
You can enlarge this video by clicking the box icon in the lower right hand corner once the video starts.
You can enable HD by clicking the setting gear, click quality and change to 1080p

Once enrolled what systems will require 2-Step verification?
At this time only end-user web applications that use delaGATE for authentication and the myDCCC mobile application utilize 2-Step verification.
Desktop Computers, Wireless access, Application that do not use delaGATE for authentication such as Banner INB and GW webmail are not impacted.

Can I disable 2-Step Verification once it has been enabled?
Yes. Although we do not recommend it, you can disabled 2-Step verification, with one exception. 
Employees who work with specific systems and have been required to use 2-Step verification will not see the option to disable it.
Those users have already been trained and are already using 2-Step verification.

What Mobile Authenticator Applications are supported?
A application which can support HOTP (HMAC=based One Time Password) algorithm is supported. 

These apps are available in the iOS App Store and Google Play Store:
Google Authenticator
Lastpass Authenticator
Microsoft Authenticator

What if I am unable to generate a code and I am locked out?
Users with 2-Step verification should always have a backup mode configured. All users are strongly encouraged to print a list of one time use verification codes during the enrollment process, as outlined in the video above.

If you do not have access to your backup verification codes, you should contact the OIT Support center during regular operating hours (Monday – Friday, 7:30am – 10:00pm EST and Saturday, 8:am to 4:30pm EST).
You may come in person to the IT Support Center at Marple with a valid Government Issued Photo ID or Passport or remotely byconnecting to a Zoom video session, with Video enabled with a valid Government Issued Photo ID or Passport. 
You will also be asked a series of authentication questions.

Does 2 Step Verification application use my data plan?
The Mobile Authenticatior application does not use the Internet or data to generate codes. Data fees may be incurred during the installation of the application and during any updates. 

I have a Yubikey, can I use it with the DCCC 2-Step Authentication system?
Yes. The 2-Step Verification system supports Yubikeys 4 Series security keys. You may purchase them online here
Yubikey 4 has multiple programmable slots and can be used for DCCC and other systems such at Github, Google, Dropbox, Lastpass, Facebook, Windows and more. 

I have a new phone and I am enrolled in 2-Step verification, what do I do?
Login to the delaGATE account management page using your old phone or your backup codes.  Select Mobile Authenticator and select 'Disable mobile authenticator'. Download your mobile authenticator application to your new phone and select 'Enable mobile authenticator' and follow the enrollment prompts. If you need assistance, follow the new enrollment procedures in the video above.