How does two-step login work?
Two-step login requires a second factor such as your office or cell phone, a passcode, or a hardware token when authenticating to a service. You still use your password, but in addition to something you know (e.g., your password), the second step requires something you have (e.g., your mobile phone).
An example of two-step login you likely are familiar with is a bank debit card. It isn’t possible to withdraw money using only a PIN (something you know). You must also swipe a card (something you have).
Each time you use your NetID to log into a service that supports two-step login, you will be prompted to complete a second step. Two-step login protects applications that use SSO for authentication, including VPN. It does not apply when logging in to non-SSO services (e.g., WordPress), the wired or wireless network, or campus computers.
Two-step login can remember trusted devices. A “remember me” setting allows you to skip the second step for 30 days on a trusted device such as your Lafayette-issued laptop, desktop, or home computer. If you use another browser on the same device, or use a different device, you will be prompted for two-step login again.
What devices or second factors can I use?
Two-step login supports a number of devices and methods of authentication.
- Push using Duo Mobile on a smartphone or tablet
- Passcode using Duo Mobile
- YubiKey / Universal 2nd Factor (U2F) Token
- Phone call to mobile or landline
What does ITS recommend?
ITS recommends you use the Duo Mobile app on your smartphone and only use phone callback to your office landline as a secondary option.
If you do not have a cell phone, or prefer not to carry one during the day, consider a U2F hardware token instead. It can go on a keychain and the cost is minimal. Departments may purchase U2F tokens for staff at their own discretion.
I will be traveling abroad. Is there anything I need to know?
Please review the information found on Two Step Login while abroad.
How about if I am an international student or will be living abroad for a time?
We recommend using DUO Mobile for authenticating to Two-Step Login. Keep in mind Google Play Store might not be available in some regions, so plan ahead. If you intend to buy a local SIM card at your destination for an existing Android device, be sure you have Duo Mobile installed prior to departure.
If you will have a different phone while abroad and find you are unable to install Duo Mobile, you can use phone callback for two-step login. But if you will not have access to the new phone until your arrival, be sure to generate SMS codes prior to arrival.