As previously announced, Two-Step Login was applied to high-risk areas of Workday April 20, 2017. To prevent people with a stolen NetID and password from being able to access W-2 and direct deposit information, and at the direction of senior university leadership, on April 21, 2017, CIT automatically enrolled a Two-Step Login authenticator for all university employees who had not signed up for Two-Step Login. These steps were taken in order to provide an immediate, large security benefit for the Cornell community.
Full article at: https://it.cornell.edu/news/two-step-login-update-unsecured-accounts-auto-enrolled-april-21-2017/20170421
How to Manage Your Two-Step Login Devices if your account was auto-enrolled:
it.cornell.edu/twostep/how-manage-your-two-step-login-devices-if-your-account-was-auto-enrolled