Search This Site


Main menu

Two-step authentication

Two-step, two-factor, or multi-factor authentication is an authentication method in which a person is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:

  1. knowledge (something the user and only the user knows),
  2. possession (something the user and only the user has), and/or
  3. inherence (something the user and only the user is).

Any two-step or multi-factor authentication process at the University of Virginia must be:

a. a University-approved two factor authentication  (e.g., Duo-based High Security VPN) or
b. a method that has been reviewed and approved by the University Information Security Office before use.

A good example of two-factor authentication is the withdrawing of money from an ATM. Only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form