Skip to main content

2-Step improves application security

University faculty, staff and students two-stepped their way to more protection for sensitive University information and credentials with 2-Step Verification. Here’s a timeline of the 2-Step Verification rollout.






Fall 2016 to early winter 2017: 2-Step Verification is required to access online W-2s

ConnectCarolina users were introduced to the 2-Step Verification process in Fall 2016 when ITS added the security measure to the W-2 online access.

September 18, 2017: 2-Step Verification is required to access Campus VPN

For faculty and staff who work off-campus, VPN provides a safe and reliable way to send and receive data across a public network as if their computing devices are directly connected to the private network — that is, as if they are on campus. Adding 2-Step to the VPN sign-in reduces the risk of a cyber criminal using stolen Onyen and password credentials to access the University’s digital resources from off campus.

February 15, 2018: 2-Step Verification required to access ConnectCarolina Student Financials

U.N.C. 2-step logo

Direct deposit information is a high-value target for phishers and criminals. Because direct deposit information can be changed online, if a criminal compromises a student account and gains access to their Onyen and password, they can theoretically log in to that student’s account, change the direct deposit account, and divert funds to a different account.

Now, in order to change direct deposit information, students are required to use 2-Step Verification to confirm their identity. This greatly reduces the risk of fraudulent direct deposit account information because a criminal would need not only the Onyen and password, but also the mobile device being used for 2-Step, as well.

May 23, 2018: 2-Step Verification required for Administrative Access to ConnectCarolina

Thousands of staff and faculty members have access to financial, student and personnel information in ConnectCarolina. Entering grades, reviewing grant and contract balances, and submitting performance evaluations are just a few examples of the tasks that administrative users perform. Some users complete such tasks daily, while others may only need to sign in once or twice a year.

For more than 10,000 administrative users of ConnectCarolina, 2-Step is now a requirement to sign in to the application. This greatly reduces the risk that personal and sensitive information about faculty, staff and students could be exposed to an online criminal who had successfully compromised an administrative user’s account.

Key Partner(s): Communication Technologies, Identity Management, Information Security, Infrastructure & Operations, Office of the CIO
Comments are closed.