NetID+ (Plus)

Passwords aren't enough:  protect yourself with NetID+


Overview

NetID+ is the UA’s two-factor authentication resource.  Two-factor authentication puts an extra layer of security on your accounts by requiring:
  1. Something you know (e.g., bank account username and password), and
  2. Something you have (e.g., cell phone receiving text messages with additional code verifying your account).
Signing up for NetID+ can help prevent anyone but you from accessing using your credentials, even if an attacker knows your password.  NOTE:  After signing up NetID+, we strongly recommend enabling Global NetID+ for more thorough protection. 
 
 

How Does NetID+ Work?

After you sign up for NetID+, you will complete the first authentication step by entering your UA NetID and password on the UA WebAuth page, as you normally do.  You can complete the second step in a variety of ways, depending on your preferences and the methods available to you.  These methods include:

  • responding to an alert on your smartphone or tablet
  • verifying through phone calls
  • entering one-time use passcodes received through text messages
  • generating one-time use passcodes via the Duo Mobile app
  • using a Yubikey hardware token to generate passcodes
  • entering a bypass code, which can be generated after enrollment

back to top


Eligibility

Available to UA faculty, staff, and students. NOTE:  NetID+ is required in order to access campus Virtual Private Networks (VPN), UAccess Employee Direct Deposit Screen, and the Outlook Web App (OWA) services.


Enrollment Instructions

back to top


Login by device type

back to top


Enabling Global NetID+

After you have signed up for NetID+, it is recommended that you enable the 'Global NetID+' setting. The global feature will enforce two-factor authentication for all sites utilizing UA WebAuth authentication services for login, such as CatMail, D2L, and UAccess. In addition, two-factor authentication can help protect your UA account, even if your UA NetID password is compromised.   NOTE:  If you have not enabled Global NetID+, your security is greatly diminished.

back to top


NetID+ Lifelines

You can configure phones that can be used as Lifeline devices when your regular devices are unavailable. A Lifeline phone usually belongs to somebody you trust and with whom you can easily communicate.

For example, if you lose your phone and need to use NetID+, you can log in to the NetID+ management site using just your NetID and password. After you log in, you will see an option to 'Use a Lifeline'. When you choose the lifeline you would like to use (you may have more than one configured) , a verification code will be sent by text message or a phone call to that phone. The owner of that phone can communicate the code to you, and you can enter the code into this application to produce a list of ten bypass codes. Those bypass codes will allow you to complete NetID+. After completing NetID+ login, you can go to the Manage your Account page to manage your NetID+ devices. You can remove your lost phone and configure a new device for future logins. You can also print out more bypass codes.

back to top


NetID+ Bypass Codes

Bypass codes are generated from the NetID+ self-service site and are intended to be used as a 'rescue' mechanism, when you do not have access to any of your registered devices. Bypass codes may be printed out and carried with you (e.g., in your wallet or purse) or stored in a secure location. Bypass codes are generated in batches of 10 and can be used in any order (unlike SMS passcodes, which must be used sequentially). Each bypass code is good for a single use and generating a new list of bypass codes will invalidate the previous list. Bypass codes are distinct and separate from SMS passcodes – generating a new batch of SMS passcodes will not affect your current list of bypass codes (and vice-versa).

back to top


Additional Account Management Information

back to top


Video Tutorials

Video tutorials have been created for using NetID+, such as enrolling and logging in to NetID+, generating and using Lifelines, enabling Global NetID+, and other features.  Click here to access the videos.

back to top


NetID+ Use with the UA's VPN Client

Establishing a VPN connection with NetID+ is very similar to the normal sign-on process. When you start your VPN client, you will be prompted for your NetID username and password as before, but there will be an additional field titled NETID+ Method.

To access VPN with NetID+, you can do one of the following:

  1. Enter a numeric passcode that was generated on your device or on the NetID+ Manage Your Account page, or
  2. Type push, phone, sms, or passcode in the NetID+ Method field:

 

VPN/NetID+ Connection Instructions

back to top


NetID+ Publications and Handouts

back to top


International Traveler Information

We recommend that international travelers use NetID+ to generate a list of NetID+ Bypass Codes* and register at least one NetID+ Lifeline before traveling. NetID Bypass Codes are generated in batches of 10 via the NetID+ website; each code is good for one login, and you can generate more at any time.

*Your last bypass code should be used to generate a new batch of bypass codes, if you do not have access to any other enrolled device.
 
Note: If you travel internationally and use SMS text message passcodes as your primary NetID+ authentication mechanism, the text messages you receive may incur substantial roaming charges. If you have a Google Voice account tied to an external Gmail account (i.e., @gmail.com, not @email.arizona.edu), you can set that up with NetID+ as an SMS-capable phone and configure it to deliver incoming SMS messages to your Gmail mailbox.
 
If you expect to travel internationally and cannot set up Duo Mobile as your NetID+ authentication method, then bypass codes, a Yubikey hardware token, or the aforementioned Google Voice approach are your best alternatives.


back to top


Support or Assistance

back to top