Why is UW-Whitewater adding an extra layer of security to WINS?
UW-Whitewater is adding an additional layer of security, known as multi-factor authentication, to better protect the personal information of our students and employees. Once implemented, you will be required to provide an additional passcode, in addition to your Net-ID/password, to access information in WINS. The one-time passcodes will be generated by a key fob, or through a smartphone app.
In the event that an employee with access to sensitive information has their campus account compromised, having a second authentication factor (e.g. – the one-time passcodes generated by the fobs or smartphone app) will make it significantly more difficult for non-employees to access sensitive information stored in WINS. Using multi-factor authentication is the industry standard for protecting sensitive information stored in large databases.
Why am I required to use multi-factor authentication (MFA)?
Any user who is able to access a student’s social security number (SSN), date of birth, driver’s license number, and other pieces of sensitive information stored in WINS, is required to use multi-factor authentication. If you do not need access to student SSNs, date of births or driver’s license numbers to fulfill your job duties, please talk with your department head to determine if you can be moved to a role that does not have access to these fields. Your department head may reach out to the Registrar’s office to initiate the change.
What do I need to use multi-factor authentication (MFA)?
Every user must choose either a hardware fob or a smartphone application for his/her one-time password device, but not both. The approved one-time password smartphone app, and university-supplied one-time password key fobs will be supported by UW-Whitewater.
If you choose to use the smartphone app as your one-time password device, you are responsible for furnishing a personal smartphone, or a state-issued smartphone (if a user already has a state-issued smartphone). The UW-System and UW-Whitewater will not issue smartphones exclusively for users to use as one-time password devices. The UW-System and UW-Whitewater are not responsible for the cost of repairing or replacing the personal smartphones used as one-time password devices or for any costs associated with data plan usage. Users of X-IDs may only use the hardware fob. Please use this document as a guideline for using X-IDs.
What is better the smartphone app or the hardware fob?
Both systems have pros and cons:
Smartphone App: (UW-Whitewater assumes the device is passcode protected)
- You will not have an additional device (the hardware fob) to remember and carry in order to authenticate to WINS or UW System common systems that require strong authentication.
- The usage of the app is free of charge.
- Depending on your smartphone contract, there may be a fee associated with using the internet to download the app initially.
- UW Digital ID only supports the app, not the smartphone itself. You are responsible for making sure your smartphone is in a working condition.
- UW-Whitewater will pay the cost.
- Fobs are State-issued devices; therefore, if there is an issue with your fob, you can seek help from the Technology Support Center (Helpdesk).
- The fob is an additional device that you must carry to authenticate to WINS or UW System common systems, which require strong authentication.
What if I forgot or lose my fob or phone?
Login to the contingency access website (https://go.uww.edu/mfa-contingency) to request a temporary one-time passcode: Core Users can access the website 24 hours a day, 7 days a week.
Note: If you receive the one-time passcode through text message, depending on your smartphone contract, there may be a fee associated with each text message. UW-Whitewater and the UW System are not responsible for paying for these text message fees.
What if I require support with my one-time passcode device?
You may contact the UW-Whitewater Technology support Center (Helpdesk) for assistance. Please review the digital ID policy (Approval Pending) for more information on support parameters.
What are the time out settings for multi-factor authentication?
The WINS and Dual Factor timeout for inactivity setting will be set at 30 minutes to align with recommended security practices, and to align the Human Resources System (HRS) and Shared Financials System (SFS) timeout window.