System Login and Two-Factor Authentication (2FA)

Corporate email addresses are being used as usernames and are protected with Two-Factor Authentication (2FA) via Duo Security, in accordance with CME Group’s Security guidelines.

The password policy:

• minimum of 10 characters (with at least one number, one upper case letter, one lower case letter, and one symbol)
• must not be a previously used password
• must not contain all or part of the user-name, first or last names of the user
• must not be present in our list of commonly used passwords

Two-Factor Authentication is mandatory for all users:

On first time login, EBS Workstation prompts users to set up a second authentication factor. Subsequently, users will be required to authenticate via a second factor on the following occasions:

• first-time login on a new device
• 90 days after the previous second factor authentication on a trusted device
• after clearing all browser cookies
• when attempting to make any changes to 2FA option

Select from the following options:

• Duo Mobile App: An application on Android or iOS mobile device requiring users to respond to a push notification when challenged. Users need to download and install Duo Mobile app from Google Play or Apple store prior to log in.
• U2F Key: Universal Second Factor USB Key (ex. YubiKey) inserted into the user’s workstation or new EBS Keypad and tapped when requested.
• Desk Phone: A call to the user’s registered desk phone number to deliver a one-time password (OTP) when requested. To enable Desk Phone self-registration, contact your Account Representative.