The following communication was sent by Aaron Powell, Vice President for UW Information Technology and CIO to all UW employees on January 25, 2018.
This email is to inform you about important security enhancements that will occur when signing in to Workday. The privacy of sensitive information is a top priority for all of us. In this new environment where we are seeing increasing attacks from multiple sources, we need to tighten our data security. This is in direct response to recent changes in the security environment that have emerged this year and which you may have heard about in the news.
In order to better protect employees’ private information, all employees will be required to use Duo, the University’s two-factor authentication (2FA) solution, when signing in to Workday, not just when accessing personal information. This change will go into effect at the start of the business day, January 26, 2018.
By taking this step, all of your Workday data will now be protected by 2FA. Once enrolled, there will be no delay in accessing any of your information in Workday. This move, in line with industry-wide best practices, is an important step in our ongoing efforts to help employees safeguard their private information. This will not affect your ability to access your email or other websites. No systems other than Workday will be affected.
Employees who are already enrolled in Duo will not need to take any additional action. If you have not yet enrolled in Duo, you will need to do so in order to access Workday starting January 26, 2018.
To find out how to enroll, visit IT Connect’s Two-Factor Authentication (2FA) page. There are multiple sign in options for 2FA, including using a smartphone, tablet, or desk phone. (We recommend using a smartphone or tablet based upon security, convenience and access.)
Please note, even with the use of 2FA, employees using a shared, public computer, such as one found at a kiosk or a library, should remember to always sign out of Workday.
UW-IT is committed to supporting all employees as we make this important transition. If you need help, please contact the UW Information Technology Service Center at firstname.lastname@example.org or call 206-221-5000. The Service Center is available 24×7 to assist you.
Frequently Asked Questions
What is 2FA?
Two-factor authentication adds a layer of security when you sign in with your UW NetID. Normally, you verify your identity with a single factor, such as a password. Verifying your identity using a second factor, like a smartphone, tablet, or hardware token prevents others from signing in as you, even if they know your password.
Why do I need two-factor authentication?
It has become increasingly easy to compromise passwords. They can often be stolen, guessed, or hacked, and you may not even realize your password has been compromised. With two-factor authentication, a compromised password won’t mean a compromised account.
Phishing attacks often escalate during tax season, with increased attempts at stealing employees’ Social Security Numbers and tax documents. Of course, protecting your private information is important throughout the year, not just during tax season. Using 2FA to prove it’s really you protects your personal data all year long.
I’ve used 2FA to sign in to Workday before – what is different?
If you have an elevated security role in Workday and are already prompted to use 2FA at sign in, there will be no difference.
If you are using 2FA only when you need to access sensitive information like your payslip, tax documents or home address, the only difference is that you will be prompted to use 2FA as soon as you sign in to Workday.
Do I need to do anything?
Employees who are already enrolled in Duo will not need to take any additional action.
If you have not yet enrolled in Duo, you will need to do so in order to access Workday. To find out how to enroll, visit IT Connect’s Two-Factor Authentication (2FA) page.
Does this mean I’ll need to use 2FA when signing in to Workday to enter my hours worked?
Yes, all employees will now use 2FA whenever they sign in to Workday, whether to enter hours worked, request vacation or sick time, to take holiday time off, or to do any other task for which they use Workday.
Please note: Medical Centers employees use Kronos, not Workday, to track hours worked.
I forgot my 2FA device. What should I do? If you forgot your 2FA device and have a critical business need to access Workday, you can contact the UW-IT Service Center. They will verify your identity over the phone and then issue you a temporary bypass code you can use to sign in with 2FA.
Thank you for your assistance with this important security enhancement.