How does Two-Step Login work?
Two-Step Login requires a second factor such as your office or cell phone, a passcode, or a hardware token when authenticating to a service. You still use your password, but in addition to something you know (e.g., your password), the second step requires something you have (e.g., your mobile phone).
An example of two-step login you are likely already familiar with is a bank debit card. It isn’t possible to withdraw money from a bank account using only a PIN (something you know). You must also swipe a card (something you have).
Each time you use your NetID to log into a service that supports two-step login, you will be prompted to complete a second step. Two-step login protects applications that use single-sign on for authentication. It does not apply when logging into non-SSO services (e.g., WordPress), the wired or wireless network, or campus computers.
Two-step login can remember trusted devices. A “remember me” setting allows you to skip the second step for 30 days on a trusted device such as your Lafayette-issued laptop, desktop, or home computer. If you use another browser on the same device, or use a different device, you will be prompted to use two-step login again.
What devices or second factors can I use?
Two-Step Login supports a number of devices and methods of authentication.
- Push using Duo Mobile on an smartphone or tablet
- Passcode using Duo Mobile
- YubiKey/Universal 2nd Factor (U2F) Token
- Phone call to mobile or landline
What does ITS recommend?
ITS recommends that you use Duo mobile app on your smartphone and use phone callback to your office landline as a secondary option.
If you do not have a cell phone, or prefer not to carry one during the day, consider a U2F hardware token. It can go on a keychain and the cost is minimal. At their discretion, departments may purchase U2F tokens for staff.