In the past, access to online accounts relied only on something you know, your password. Unfortunately, the bad guys use methods like phishing to try to expose your passwords, then login to your accounts. Once in, they could lock you out of your account, go through your emails and photos, pretend to be you to send harmful messages to your contacts, or use your account to reset the password for other accounts (banking, shopping, etc.) The good news is two-factor authentication (2FA), also called multi-factor authentication (MFA), can prevent the bad guys from accessing your accounts, even if they know your password.
How It Protects You
Instead of relying on just one level of security with something you know, like your password, two-factor authentication also requires something you have that is unique to only you, like your cell phone. Together these prove that the person attempting to log on to your account is really you. Even if a bad guy were to get their hands on your password, they still would not be able to access your account since they do not have your cell phone or security key.
How It Works
Signing into your account with two-factor begins with you entering your username and password as usual. You will then be asked for something else for verification, like a security code. The code may be from a text message send to your phone, from a mobile app, from a phone call, or from a special security key.
Two-Factor Authentication at WKU
WKU is using multi-factor authentication with some key IT services like webmail, myWKU, TopNet, and more. This is implemented using an application called DUO.
Enabling Two-Factor Authentication for Common Sites
Learn how to enable two-factor authentication on these popular sites.
Other Sites That Use Two-factor Authentication
The website https://twofactorauth.org offers a comprehensive list of sites that offer two-factor authentication and links on how to enable it.