STI has begun the implementation of Two-Factor Authentication in our Cloud environment. Two-factor authentication (2FA), or two-step authentication, is an important security measure that adds a second layer of protection in addition to your password. Adding this additional security layer makes it much harder for hackers to break into your accounts as well as complying with HIPAA regulation. HIPAA requires covered entities to verify that a person seeking access to electronic protected health information (ePHI) has authorization. Another advantage of utilizing 2FA in the STI Cloud environment is that you will no longer need to create a new password every 90 days. You will be able to use a permanent login password.

How does 2FA work?

Two-factor authentication works by adding an extra layer of security to your account — an additional login step — to prevent someone from logging in even if they have access to your password.

When you sign into any of your online accounts, the basic level of authentication requires only your password to log in — that’s one step to verify your identity. 2FA adds a second piece of information (or a second layer) that you need to provide before you can get access to your account.

STI will be deploying a product named Duo Mobile which is a two-factor authentication (2FA) app that you will install on your smartphone. This is our recommended method of authentication. However, if a cloud user does not have a smartphone, or does not have access to a smartphone, 2FA Security Tokens can be purchased ($30/token) and configured for a cloud user to achieve two-factor authentication. Do note, however, that the 2FA Security Tokens are disposable battery operated devices and will need to be replaced in the future (approximate battery life is two years).

Two-Factor Authentication Preparedness

Prior to being set up for 2FA, all cloud users will need to indicate how they intend to achieve two-factor authentication, either via a smartphone or a security token. Those using a smartphone will also require a unique email address to receive activation and instructions for installing Duo Mobile on their smartphone. STI will be contacting your office via email with specific information and instructions for implementing 2FA for your office.

• Each cloud user will need their own smartphone they can install the free Duo Mobile app on. If a user does not have a smartphone,a Two-Factor Authentication Security Token can be purchased ($30/token, includes configuration and installation) to provide 2FA. Click here to request a 2FA Token.
• Each cloud user that is using a smartphone for 2FA needs a unique email address that only they can access – either a personal email address or better a business email address linked only to them. (If your office does not have a business grade email solution, reach out to STI Managed Services for information on how the office can benefit from and deploy their own using Microsoft 365.) An email address is not needed for cloud users that are using a security token for 2FA.