There was a recent article in UA’s Lo Que Pasa outlining the importance of protecting your online identity associated with your UA NetID. In that article, it was reported that there have been over 130 targeted phishing emails since November 1 with the single goal of obtaining your NetID password. Some of these “successful” attempts led to UA employees having their paychecks diverted to bank accounts controlled by cybercriminals. Therefore, we must do our best to protect our information, and this includes safeguarding our NetID password by utilizing a security enhancement that the University offers: NetID Plus (NetID+).
The “Plus” in NetID+ simply asks you to confirm your UA NetID login to systems such as Email, UAccess, VPN, Box, etc. via a text message, an automated phone call, or a notification sent to your smart phone. That way, if cybercriminals obtain your NetID password (e.g. via a phishing scam), they’re still unable to access the UA systems without your confirmation.
The Lo Que Pasa article highlighted two important changes regarding NetID.
- The NetID password management system is being upgraded to incorporate the latest security best practices and features. Once it is in place, you will be asked to change your NetID password (normally done once a year) in order to log in to campus services from the new system.
- NetID+ will be required to access email in the new faculty and staff email and calendar service, dubbed UAConnect365.
The migration to the new email system will take place sometime between March and June 2017. Once your mailbox has been migrated to UAConnect365, you will need to be enrolled in NetID+ or will not be able to access your @ag.arizona.edu, @cals.arizona.edu, or @email.arizona.edu email. Therefore, the College is now requiring all active employees to enroll in NetID+. This policy is effective February 24, 2017.
NetID+ can be implemented many different ways to match each user's specific work environment. NetID+ is most commonly paired to your smart phone, but that is only one example.
Do I need a cell phone to enroll in NetID+ ?
No. Cell phones are the most common way to confirm a UA NetID login, but not required. You can have NetID+ call a work phone line, a home landline, and/or another trusted person’s phone. Additionally, you can print NetID+ “confirmation codes” ahead of time and never have to use a phone to confirm your UA NetID login.
I have a cell phone, do I need to install the Duo Mobile app?
No. The Duo Mobile app conveniently allows you to simply double-click your confirmation, but is optional. Instead, you can have NetID+ send your cell phone a text message or an automated call. Just answer the phone call, press “1”, and hang up.
I have the Duo Mobile app installed on my smartphone, do I need to be on WiFi or on the cellular network for it to work?
No. Duo Mobile will send you a notification when you’re online, but will allow you to manually generate a confirmation code any time - including when you have no cell coverage, wifi access… when traveling internationally or leaving the phone in airplane mode.
I urge you reach out to your departmental IT support staff to help determine the best configuration of NetID+. Additionally, the UITS 24/7 Help Desk can help remotely, over the phone, or in person. They can be reached at 520-621-HELP.
This new policy will help strengthen all aspects of our cyberinfrastructure while further protecting our end users from breaches of personal information (e.g. direct deposit, tax documents, Social Security Numbers, passwords to other systems) and institutional information (e.g. sensitive research data, business transactions, website passwords, intellectual property). Please help secure our College’s cyberinfrastructure and competiveness for Federal grants by enrolling in NetID+.
To enroll in NetID+, please visit https://webauth.arizona.edu/netid-plus/
To review the CALS policy, please visit https://cals.arizona.edu/cbs/policies/netid-policy