ANU Passwordless Authentication

Image
passwwrodless-coming-soon-early

Coming soon, in 2022!

We are changing the way the ANU community will log into and access ANU systems.

We are replacing usernames and passwords, with a phone app: providing ANU community with world’s best multi-factor authentication security and greater user ease.

What's in it for you?

  1. No more passwords!
    1. No more changing them.
    2. No more forgetting them.
  2. Quicker to log in.
  3. Greater protection for your ANU account and email.

How do I get 'passwordless'?

ANU is using Cipherise™, developed by Australian company Forticode.

First, install the Cipherise™ app on your phone. You will then enrol ANU into the app through scanning a QR code provided to you in an email from ITS.

Install Cipherise on your phone:

  1. Download the Cipherise App to your mobile. Available on Download on the Google Play Store and Download on the App Store
  2. Open the Cipherise App.
  3. Press the ‘Get Started’ button, where you will see on-screen instructions.
  4. Create a 5–7-character keyword/PIN using the OneTiCK keypad in the app. (OneTiCK is only used to access/unlock the Cipherise app).
  5. You can set a recovery question for your OneTiCK as well.

Enroll Cipherise

  1. Open the Cipherise app on you phone
  2. On your computer screen, click on the link in the enrolment email provided by IT Services
    1. This will display a QR code.
  3. Using the camera on your phone, scan the QR code.
    1. Follow the on-screen prompts to complete the enrolment process. You are now ready to go passwordless!

How do I use Cipherise?

Once ANU activates passwordless authentication in 2022: and you have enrolled Cipherise for ANU, to log into an ANU system

  1. Go to the system's login page.
  2. Scan the WaveAuth/QR code presented: using one of the following methods:

    1. Open the Cipherise app on your phone – unlocking if needed
    1. Click the ‘Scan Button’
    2. Using the phone’s camera, put the WaveAuth code in the view on your screen  
       
    2. Take a picture of the QR code with your phones app
    This will auto-load Cipherise and begin the ANU login.
     
  3. When the wave appears, perform the prompted biometric check on your phone: face or fingerprint, as stored by you on your phone
  4. Once you pass the biometric check on your phone, ANU will connect you to your account.

Frequently Asked Questions

Frequently asked questions will appear here as they emerge during roll-out

What is passwordless technology?

ANU is changing the way in which users will log into and access ANU systems. Passwordless access replaces your username and password with a phone app or token and adaptive multi-factor authentication: providing the ANU community with world’s best security and greater ease. Maximum security, minimum effort.

A brilliant user benefit of the passwordless system is NEVER having to remember your ANU password again.

This passwordless technology is powered by Cipherise™ - an Australian innovation.

Are my biometrics accessible to the ANU or other entities?

No. Your biometric data is only stored on your phone, accessible only by your phone. Not even the Cipherise app as access to your biometric information.

When you setup your device to use biometrics to unlock or access other apps on your device, it is your phone that is handling the creation and storage of the biometric.

When the Cipherise passwordless app on your device asks for your biometric, the app asks the phone to request and check the biometric, and only report back if it is valid. Cipherise does not access the biometric directly nor does it store that biometric.

Under this passwordless process, you maintain complete ownership over your biometric information..

What devices can the passwordless app be used on?

Any smart phone or tablet updated with iOS 12 and above, and android version 7 and above.

What if I lose my phone?

Simply contact IT Service Desk and they will withdraw the Cipherise passwordless relationship with your device. It’s worth noting though that if someone finds your phone and tries to access anything protected by Cipherise, they won’t be able to, since they aren’t you and don’t have your biometrics or knowledge of your OneTiCK keyword/PIN.

How do I log in if I lose or forget to bring my phone?

Passwordless ensures attribution and security, meaning that you need a registered device to access your account.

Go to the Account Recovery Link and a new enrolment link will be emailed to you that will give you access to your account.

Cipherise provides alternate authentication methods which a user can use to access their account in case the enrolled device is not available. This will include provision for users to call Service Desk and after responding to some security questions, you will be grated ‘Vouched Access’- a temporary session which will last up to 8 hours