Definitions

Temporary Elevated Privileges are any case where administrative access of an endpoint is explicitly granted by an endpoint manager for five (5) calendar days or fewer at a time

Two-step, two-factor, or multi-factor authentication is an authentication method in which a person is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:

1. knowledge (something the user and only the user knows),
2. possession (something the user and only the user has), and/or
3. inherence (something the user and only the user is).

Any two-step or multi-factor authentication process at the University of Virginia must be:

a. a University-approved two factor authentication  (e.g., Duo-based High Security VPN) or
b. a method that has been reviewed and approved by the University Information Security Office before use.

A good example of two-factor authentication is the withdrawing of money from an ATM. Only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.

Two-step login process must be either a UVA-approved two-step authentication  (e.g., Duo-based) or another method that has been reviewed and approved by the University Information Security Office before use.