Logging into UNSW REDCap now requires multi-factor authentication (MFA; sometimes called two-factor or two-step authentication), an additional security measure that verifies your identity through your username and password, combined with another method of identification. This change was introduced to comply with the requirements of the UNSW Data Handling Guidelines that recommends the use of MFA for Sensitive data and mandates it for Highly Sensitive data.
On this page, we will cover:
Setting up REDCap MFA
When logging into UNSW REDCap for the first time after 14 April 2021, you need to set up MFA first:
- Log into UNSW REDCap and select “Email” You will receive a verification code at the primary email address listed in your account. The email will be titled "REDCap 2-step login"
- Copy the verification code, paste it into “Enter the verification code that you obtained from Email” text box and click “Submit”.
- The code expires in 2 minutes. When this happens, login will be unsuccessful. In this case, exit the error message window and “Enter your verification code” window and click the email icon option again. REDCap will re-send the email with a new verification code.
- After a successful login, on the landing page, select “My Profile” on the top-right corner.
- In the “Edit Your User Profile” page and under “Login-related options”, click “Set up Google Authenticator for two-step login”
- Follow the steps to set up the Authenticator. Although REDCap by default recommends Google authenticator, other authenticator apps work too (e.g. Microsoft authenticator, which you may have already been using for the University’s Office 365 products). They are available in both iOS and Android devices. If you already have an Authenticator app, go straight to step 2, “Open the app, and scan this QR code”. If not, follow the instructions to download the Authenticator app first.
Using REDCap MFA
Once the Authenticator is set up, you can now use it to log into UNSW REDCap:
- Log into UNSW REDCap with your zID and zPass and select "Google Authenticator" option when prompted
- The verification code will be available on your Authenticator app. Type in this code in the “Enter the verification code that you obtained from Google Authenticator” text box and click “Submit”.
You will only be prompted every 90 days for each browser/device if you select “Don't prompt me with two-step login on this computer for 90 days.”