CU Secure Wi-Fi - FAQ

Not necessarily. In a campus environment, a user's Wi-Fi experience will be heavily dependent on both environmental factors and overall demand for network resources.

• Signal strength is typically affected by the user's distance from a Wi-Fi access point, physical obstructions between the user and the access point, and interference from neighboring Wi-Fi devices.
• Connection speeds are typically affected by the number of networks being broadcast and the number of devices that are connected to or active on a specific access point or overall network.

Downloading and installing a certificate prior to joining a Wi-Fi network is a new experience for many users, as most public and residential Wi-Fi networks are unencrypted and/or use passwords or device-specific Wi-Fi MAC addresses for authentication rather than certificates.

Those authentication methods are riskier for institutions like CU Boulder, where lost and stolen passwords expose us to data breaches, and device updates can cause Wi-Fi MAC address authentication to fail.

To avoid these issues and provide best-in-class Wi-Fi security, CU Secure relies on the certificate to:

• automatically authenticate your device onto the CU Secure Wi-Fi network
• ensure your device connects to our network, rather than an imitation network designed to eavesdrop on your communications or steal passwords (an evil twin attack)
• allow your device to reliably connect to CU Secure regardless of your device's Wi-Fi MAC address or other configuration settings

Due to significant differences between each version of Android, the SecureW2 JoinNow MultiOS app is needed to accurately identify your Android version and install the correct certificate on your device. It also helps you stay registered on CU Secure after upgrading to a newer version.

To learn more, visit the vendor's SecureW2 App webpage.

Once your Android device connects to CU Secure for the first time, the app doesn't need to be opened again. However, it's strongly recommended that you keep the app installed and active (i.e., not in deep sleep) for two reasons:

• On most versions of Android, uninstalling an application deletes the configuration data associated with it. In this case, it would delete the CU Secure certificate, preventing you from connecting to that Wi-Fi network in the future.
• If you upgrade to a new Android version or experience a connection issue that requires you to "forget" CU Secure and re-authenticate on that device, having the app installed will make the process easier.

No. Neither the CU Secure certificate nor the SecureW2 JoinNow app allows CU Boulder to monitor or access your data.

For developer-provided disclosures, see Google Play's SecureW2 JoinNow Data Safety page.

None. The certificate does not need administrator user rights for your device to complete the installation or to operate.

The onboarding client installs a certificate that is unique to you and/or your device, and is required to connect to the network.

The certificate allows your device to connect to CU Secure automatically after initial registration.

• For personal devices, this connection uses first name, last name, email address, IdentiKey, and the device's operating system.
• For Secure Computing devices, this connection uses only the device's serial number.

Secure Computing devices

If your laptop is enrolled in Secure Computing, then it already has the CU Secure certificate installed. Learn how to identify a Secure Computing device.

Non-Secure Computing devices

If you have a university-purchased laptop that isn't enrolled in Secure Computing yet, please follow the personal device registration process described in the next section.

To double-check that your Secure Computing device has the CU Secure certificate installed, search for the CU Secure network or profile.

Windows

1. Go to Settings > Network & internet > Wi-Fi > Manage known networks.
2. If you see CU Secure (Secure Computing) listed, then your device is ready to go.

Mac

1. Go to Apple > System Settings > General > Device Management.
2. Under the Device (Managed) heading, if you see CU Secure (Secure Computing) listed, then your device is ready to go.

To double-check that your non-Secure Computing device has the CU Secure certificate installed, search for the CU Secure network or profile.

Windows

1. Go to Settings > Network & internet > Wi-Fi > Manage known networks.
2. If you see CU Secure listed, then your device is ready to go.

Mac

1. Go to Apple > System Settings > General > Device Management.
2. Under the User heading, if you see University of Colorado Boulder CU Secure, then your device is ready to go.

Android

1. Go to Settings > Connections > Wi-Fi.
2. Tap the three-dot icon on the upper right ("More options"), then tap Advanced settings > Manage networks.
3. If you see CU Secure listed, then your device is ready to go.

iPhone & iPad

1. Go to Settings > General > VPN & Device Management.
2. Under the Configuration Profiles heading, if you see University of Colorado Boulder CU Secure MobileConfig, then your device is ready to go.

You probably have at least one personal device that connects to campus Wi-Fi automatically. To register it on the new secure Wi-Fi network, you need to install the CU Secure certificate/app.

For step-by-step instructions, view the CU Secure tutorial for your device's operating system:

• Windows
• Mac
• Android
• iPhone/iPad

The first time your device is in range of the CU Secure Wi-Fi network, you may need to toggle your Wi-Fi off and on, then select CU Secure from your list of available networks to complete the process.

Going forward, your device should automatically connect to CU Secure whenever it's in range.

You're right to question requests to access items in your keychain. In this case, there are two reasons why it's okay to click Always Allow.

1. The eapolclient is part of macOS, not a third-party product. This client handles your device's authentication to secure Wi-Fi networks like CU Secure, which is why access is required in order to connect.
2. The access you're allowing is limited to that specific key and nothing else.

Please note: If you click Allow instead of Always Allow, you'll be prompted for your password every time you connect to CU Secure. This is a frustrating user experience, so we strongly recommend that you select Always Allow.

To double-check that your personal device has the CU Secure certificate installed, search for the CU Secure network or profile.

Windows

1. Go to Settings > Network & internet > Wi-Fi > Manage known networks.
2. If you see CU Secure listed, then your device is ready to go.

Mac

1. Go to Apple > System Settings > General > Device Management.
2. Under the User heading, if you see University of Colorado Boulder CU Secure, then your device is ready to go.

Android

1. Go to Settings > Connections > Wi-Fi.
2. Tap the three-dot icon on the upper right ("More options"), then tap Advanced settings > Manage networks.
3. If you see CU Secure listed, then your device is ready to go.

iPhone & iPad

1. Go to Settings > General > VPN & Device Management.
2. Under the Configuration Profiles heading, if you see University of Colorado Boulder CU Secure MobileConfig, then your device is ready to go.

Unlike a home network, a campus's Wi-Fi environment is highly complex and dynamic, with users constantly joining and leaving the network across a wide area. To enhance security and manage network resources for thousands of users and devices, it's critical for universities to regularly prompt users to verify their identities.

That said, CU Secure's two-year registration period is twice as long as that of UCB Wireless. A longer re-registration period is possible because CU Secure's newer, more secure protocol can support longer Wi-Fi sessions without sacrificing security.

Yes. When each device's certificate is within 25 days of expiration, you'll receive an email notification specifying the device that needs to be re-registered.

See CU Secure Wi-Fi - Troubleshooting for step-by-step instructions.