Two-Step Login provides an additional layer of security so that attackers can’t access protected systems with only your NetID. It also prevents online password guessing attacks from succeeding. Two-step login helps keep your NetID, your personal information, and the College’s digital assets safe.


How does Two-Step Login work?

Two-Step Login requires a second factor such as your office or cell phone, a passcode, or a hardware token when authenticating to a service. You still use your password, but in addition to something you know (e.g., your password), the second step requires something you have (e.g., your mobile phone).

An example of two-step login you are likely already familiar with is a bank debit card. It isn’t possible to withdraw money from a bank account using only a PIN (something you know). You must also swipe a card (something you have).

Your password plus your device proves you are you and allows you to access services.

Each time you use your NetID to log into a service that supports two-step login, you will be prompted to complete a second step. Two-step login protects applications that use single-sign on for authentication. It does not apply when logging into non-SSO services (e.g., WordPress), the wired or wireless network, or campus computers.

Two-step login can remember trusted devices. A “remember me” setting allows you to skip the second step for 30 days on a trusted device such as your Lafayette-issued laptop, desktop, or home computer. If you use another browser on the same device, or use a different device, you will be prompted to use two-step login again.

What devices or second factors can I use?

Two-Step Login supports a number of devices and methods of authentication.

  • Push using Duo Mobile on an smartphone or tablet
  • Passcode using Duo Mobile
  • YubiKey/Universal 2nd Factor (U2F) Token
  • Phone call to mobile or landline



What does ITS recommend?

ITS recommends that you use Duo mobile app on your smartphone and use phone callback to your office landline as a secondary option.

If you do not have a cell phone, or prefer not to carry one during the day, consider a U2F hardware token. It can go on a keychain and the cost is minimal. At their discretion, departments may purchase U2F tokens for staff.