Skip to main content

NIH requiring multi-factor authentication for logins

The National Institute of Health (NIH) is improving security and as a result is requiring stronger proof that a person logging into their system is who they say they are. This change will happen in two parts:

Part I: Starting September 15, 2021

University is adding Duo 2-step verification to comply with NIH requirement for multi-factor authentication logins for using their systems.

Part II: By December 2022

University will provide appropriate levels of assurance of a person’s identity requiring that a person has presented a government-issued photo ID to UNC. Fortunately, the University already has these processes in place to verify these IDs for anyone who is issued a OneCard.

Who this affects:

All faculty, and staff who access NIH systems.

More about this change:

Starting September 15, 2021, when UNC faculty and staff log in to NIH systems, they will be required to do the Duo 2-step verification after they’ve entered their Onyen and password. Since UNC already requires Duo 2-step verification for many other systems, most employees should adapt to this change easily. In the case that someone needs to set up their Duo 2-step verification, they can follow these instructions on how to add a device for 2-step verification.

The NIH is also requiring additional assurance of identity by December 2022. This means that along with the Duo 2-step verification, UNC also needs to assert to the NIH that identity of the faculty, or staff member has been appropriately vetted.

ITS preparing for the change:

Information Technology Services (ITS) is currently working with The Office of the University Registrar, and Human Resources to develop identity proofing processes to collect assurance information about faculty and staff. That information will be used to assert appropriate assurance levels to NIH and other services that require it.

UNC NIH Requirements Link

For questions, please contact

Comments are closed.