How does two-step login work?
Two-step login requires a second factor such as your office or cell phone, a passcode, or a hardware token when authenticating to a service. You still use your password, but in addition to something you know (e.g., your password), the second step requires something you have (e.g., your mobile phone).
An example of two-step login you are likely already familiar with is a bank debit card. It isn’t possible to withdraw money from a bank account using only a PIN (something you know). You must also swipe a card (something you have).
Each time you use your NetID to log into a service that supports two-step login, you will be prompted to complete a second step. Two-step login protects applications that use single-sign on for authentication. It does not apply when logging into non-SSO services (e.g., WordPress), the wired or wireless network, or campus computers.
Two-step login can remember trusted devices. A “remember me” setting allows you to skip the second step for 30 days on a trusted device such as your Lafayette-issued laptop, desktop, or home computer. If you use another browser on the same device, or use a different device, you will be prompted to use two-step login again.
What devices or second factors can I use?
Two-step login supports a number of devices and methods of authentication.
- Push using Duo Mobile on an smartphone or tablet
- Passcode using Duo Mobile
- YubiKey/Universal 2nd Factor (U2F) Token
- Phone call to mobile or landline
What does ITS recommend?
ITS recommends that you use Duo mobile app on your smartphone and use phone callback to your office landline as a secondary option.
If you do not have a cell phone, or prefer not to carry one during the day, consider a U2F hardware token. It can go on a keychain and the cost is minimal. At their discretion, departments may purchase U2F tokens for staff.
Traveling or living abroad?
Please review the information found on Two Step Login while abroad.