A control that limits an individual from having full elevated privileges during normal, day-to-day use.
Two-step, two-factor, or multi-factor authentication is an authentication method in which a person is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:
- knowledge (something the user and only the user knows),
- possession (something the user and only the user has), and/or
- inherence (something the user and only the user is).
Any two-step or multi-factor authentication process at the University of Virginia must be:
a. a University-approved two factor authentication (e.g., Duo-based High Security VPN) or
b. a method that has been reviewed and approved by the University Information Security Office before use.
A good example of two-factor authentication is the withdrawing of money from an ATM. Only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.
Two-step login process must be either a UVA-approved two-step authentication (e.g., Duo-based) or another method that has been reviewed and approved by the University Information Security Office before use.
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.