Welcome to 2Factor Authentication (2FA)

Protect Your University of Chicago Account

2Factor Authentication (2FA) enhances the security of your CNetID by using your device (mobile phone, landline, tablet, hardware token) to verify your identity. This prevents anyone but you from using your account to log in to University websites, even if they know your CNetID password. Learn more

Using 2FA protects you on all University sites that use Shibboleth for authentication. Some of the most frequently-used applications that use Shibboleth include: Workday (the replacement for Employee Self Service), remote access to Library databases (using proxy to access Library databases from off campus), the myUChicago portal, and cAlert (log in to set up your contact information). A list of the most-used Shibboleth-protected sites is available on answers.uchicago.edu

What is Shibboleth?

Shibboleth is a Single Sign-On tool that allows you to log in once (for a preset period of time - usually eight hours here at the University of Chicago) to any Shibbolized service that you're eligible to use, and then have access to all other Shibbolized sites to which you have access without having to log in again.



How will using 2Factor affect how I login to services?

2FA is currently available on systems that use Shibboleth protection. After registering your device with 2FA, you will need to log in using your smartphone app authorization or by entering a code that you can get via text message, phone call, or by pre-printing a list of single use codes. You may choose to log in using 2FA each time you connect to one of these services, or you may allow 2FA to automatically log in for you for up to 30 days. If you attempt to log in from an unknown computer or smart device during the 30 day period, you'll be prompted to approve your 2FA connection again for that device.



What devices can I use with 2FA?

We encourage you to register multiple devices. It's best to register at least one extra device. You can register your mobile phones, landlines, and even a hardware token (if your department has them available).