USU employees required to use dual authorization for account access


The Utah State Office of Higher Education has required all universities in the state to implement multi-factor authentication systems to increase cyber security.

As a result, Utah State University faculty and student employees will be required to use a new dual authorization system in the form of an application or a key fob to access their USU  account.

Student employees and USU faculty will be denied access to their Banner account starting April 20 if the Duo application or key fob is not set up. The smartphone application is free. The key fob costs $23.

Mainly, hackers are interested in employees’ credentials so they can gain access to their bank information, said Eric Hawley, the chief information officer of USU’s Information Technology department.  

“Once a hacker gets an A-Number and password, they can do anything you can,” Hawley said.

However, if a hacker was attempting to access an employee account protected by the multi-factor authentication system, a push notification would be sent to the employee’s phone or tablet through the Duo application. From there, the USU employee could approve or deny access.

If the employee is using the key fob instead of a smartphone, the key fob would display a code, which prospective hackers would then need to access the individual’s account.

Student employees have varying opinions on the extra step now required to access their account.

“I’m not scared of it. I think it’s pretty cool,” said Kelli Hanni, an undeclared freshman who works at the Merrill-Cazier Library.

Other student employees said they thought the application was an inconvenience, but they are still open to better security.

“It’s a hassle as a student signing in ten times a day, but I don’t have a big problem with it,” said Rio Manning, a senior business administration major who works at the computer lab in the Taggart Student Center.

Kevin Graf, who works at the library, said he wasn’t too excited about the requirement at first. Still, Graf said he downloaded the application right away because he knew he would have to get it eventually.

Sarah Madany, an undeclared freshman who works at the Engineering Education (EED) Lab, said she is aware she will have to get the application, but is choosing to put it off because everyone she has talked to said it was “cumbersome and a hassle to pull out your phone every time you log in.”

Other students expressed concern about the possibility that they might not have their phone with them when they need to log in to their USU account.

Anna Moore, a senior graphic design major who also works at the EED Lab, said the fear became a reality when she forgot her phone one day.

“I had a deadline that I had to meet and I couldn’t log in to anything. That was not a good thing,” Moore said.

It is still possible to gain access to the account if an employee leaves their phone at home or the battery dies. Employees just need to log in to, click on a button that allows them to generate a bypass code, and answer a few questions about information from their Banner accounts. If they answer correctly, a code will be generated, allowing the employee access to the account.

Hawley said he is aware students feel the application is an inconvenience. He said once all university employees are using the application or the key fob, they will no longer be required to change their password once a year.

As of March 17, 2,827 USU employees had set up Duo via the application or the key fob.


Photo by Mark Bell

There are 4 comments

Add yours
  1. Vince

    So just so you know if they need to generate a bypass code for DUO the information you provided is false. They go to and click on the “generate bypass code” button at the the bottom of the page, answer questions about their account, and the code is provided to them. Nothing is emailed to you and they do not as you stated need to change their password. If you are going to report on this at least do a little research next time.

    • Alyssa Roberts

      Thank you for making sure we have our information correct. That is always our number one priority. Before I make changes to the article, though, can I just ask what your position is at the university and if you’re speaking from personal experience?

Post a new comment