Information Technology Services IT Security Office
Note: Two-factor authentication (2FA) is mandatory for Mason employees
to access the Cisco AnyConnect VPN


Learn more about 2FA at Mason and how to get started by clicking on the links on the right navigation bar. Please contact the ITS Support Center with any questions.

What is 2FA?

2FA uses two factors to verify identities for an additional layer of protection against the sophisticated tactics of cyber criminals. 2FA makes Mason and personal information less vulnerable.

  • The first factor (something you know)
    is the verification of the Mason NetID and Patriot Pass Password, and
  • The second factor (something you have)
    is generally a smartphone, but other options are available.

Mason partnered with Duo Security to deliver 2FA when using the Cisco AnyConnect VPN. Mason employees will log into the VPN with their NetID and Patriot Pass password (1st factor) and confirm their identity using a physical device (2nd factor). The physical device may be a smartphone, tablet, mobile phone, or landline phone. 

Picture of how 2FA works

Why 2FA - Mason's Commitment to Cyber Security

Implementing 2FA is the latest step in a series of projects ITS is doing to protect Mason's students, faculty, and staff against phishing scams and related cyber vulnerabilities. Previous steps included:

  • Introducing required security questions to access sensitive information within Patriot Web
  • Updating Mason's Virtual Private Network (VPN) client to improve functionality and usability
  • Requiring use of Mason's VPN when off-campus and on wireless networks to access highly sensitive applications such as Internet Native Banner (INB), the Travel Request System (TRS), and the grant management system (Coeus) for increased comprehensive protection.

who needs to use it?

All Mason employees who use the Cisco AnyConnect VPN to access Mason systems will need to use 2FA.

When do I need to use it?

You will need to use 2FA when you use the Cisco AnyConnect VPN. The Cisco AnyConnect VPN is typically needed to access specific applications or systems from off-campus locations, and sometimes via either wired or wireless on-campus locations. Read more about Mason's Cisco AnyConnect VPN.

2FA WILL NOT be required when connecting to resources from a trusted wired network (most faculty and staff offices).

When is this happening?

ITS is working within the following project timeline:

April 2016
  Design Solution
May/June 2016
  Develop and Test Enrollment Application and Website
Early July 2016
  ITS Pilot and Communications
Early August 2016
  University-wide Voluntary Enrollment / Targeted Self-Enrollment
October 2016
  Mandatory use for all employees using Cisco AnyConnect VPN