Duo: Two-factor Authentication

Duo: Increasing Data Security at WU

Two-factor Authentication provides an added layer of protection when accessing Willamette applications such as the Portal, WISE, SAGE, Zoom, and Workday. After you log in with your Willamette ID and password, you’ll use a device in your possession to verify your identity. With two-factor, your data is protected, even if your password becomes compromised.  To achieve this functionality, WITS is using a product named Duo.

Once you are enrolled in Duo, you'll need to verify your SSO (Single Sign On) login with a second form of identification.  You can watch Duo's official introduction video here: Welcome to Duo Video

 

Duo Enrollment

How to Enroll in Two-factor Authentication

To enroll, you will be notified by WITS that your department is being set up on two-factor authentication (Duo) and then the next time you log into a protected application, you will be prompted to enroll in Duo Security. Contact WITS at x6767 or your User Services Consultant if you need help with these instructions. 

1. Begin

Click on ‘Start Setup’ and enter your Willamette ID and password at the two-factor authentication page to begin enrollment.

2. Enroll

Choose your methods from the list below and see more details about the options in Methods Table (see below).

  • Select Duo Mobile Push or Single Use Verification Codes (highly recommended as your primary option!)
    • First, use your smartphone to download the free Duo Mobile app from the App Store (iOS) or Google Play Store (Android) depending on your device.
    • Follow the on-screen instructions to generate a QR code on your computer screen, and then use the Duo Mobile app to scan this code.
    • Accept the Duo test push on your device before proceeding.
    • Click ‘Add another device’ to add a phone as a backup (recommended). Choose ‘Landline’ to enter your office phone number.
    • If you are in a location with poor cellular data and/or WiFi connectivity, you can open the Duo app and use a Single Use Verification Code as your two-factor authentication method.  This works exactly the same as the Hardware Token mentioned below.
(or)
  • Select Phone Call as your primary method
    • If you would like the two-factor authentication service to call you on one of your phones, enter your mobile phone and/or landline numbers.
(or)
  • Select Hardware Token as your primary method
    • If you wish to register a physical hardware token that will display two-factor authentication codes, you'll have to get one from your User Services Consultant and supply the token’s serial number during registration.
    • The Hardware Token is like a key-fob with a number on it.  Numbers on the Token are tied to your user account in Duo and they work even if you are in a location without WiFi.


That's it! Now you're ready for two-factor authentication whenever your web application asks for it.

If you need to make changes in the future to your Two Factor Authentication profile (e.g. add/change a phone number, unenroll/re-enroll a new smartphone for Duo Mobile, etc.), the next time you’re logging in and the Authentication with Duo screen pops up, click ‘Add New Device’ or ‘My Settings & Devices’ on the left hand side of the pop-up screen.

How do I use Two Factor Authentication?

Two-factor is easy to use and provides many verification options, so you’ll always be able to access your data – even if you’re not connected to a cellular data or Wi-Fi network.  

After enrolling in two-factor, you’ll:

  1. Log in with your Willamette ID and password as usual.
  2. Verify your identity using a device in your possession. Use one of the methods that you set up during enrollment.

Methods Table


Method

Device(s)

Network Connectivity

Duo Push (recommended)

Receive an automated push notification on your device. Tap “Approve” to verify your identity and complete your login. If you ever receive a push notification and you didn’t initiate it, tap “Deny”, as this means someone is trying to gain unauthorized access to your account!

iOS or Android Device (phone or tablet) with Duo Mobile app installed

Wi-Fi or cellular data connection is required

Duo Mobile Single-Use Verification Code

Launch the Duo app on your device to see a single-use verification code. Enter the code in browser when prompted. Can use instead of “Push” whenever Wi-Fi or cellular data connections are weak/non-existent.

iOS or Android Device (phone or tablet) with Duo Mobile app installed

Does not require Wi-Fi or cellular data connectivity

Phone Call (Recommended backup option)

During enrollment, enter a phone number that you can easily access. At log-in time, you will receive an automated phone call allowing you to confirm or deny the Two Factor request. If you ever receive a phone call and you didn’t initiate it, do not confirm it, as this means someone is trying to gain unauthorized access to your account!

Any landline or mobile phone

Phone service required

Hardware Token 

Automatically generate a single-use verification code using the token. Enter code into browser when prompted. Please contact your User Services Consultant for more information about procuring and using a hardware token.

Hardware Token

Does not require Wi-Fi or cellular data connectivity; hardware token is self-contained


If you are unable to obtain a verification code using either your primary or back-up methods, call the WITS Help Desk at (503) 370-6767 during business hours (Monday – Friday, 8:00am – 5:00pm PST).  Additionally, you can contact your User Services Consultant to assist you.

Two-factor Authentication FAQ

Why is Willamette requiring faculty and staff to enroll in two-factor authentication?

Willamette is requiring faculty and staff to enroll in two-factor authentication in order to protect University information assets and community members’ personal information. Many of Willamette’s peer institutions have already implemented two-factor, as have banks, financial services providers, and companies such as Apple and Google. As more and more of the University’s interactions with its students, faculty, staff, and alumni occur over web-based applications, the need to protect your data from those with criminal intent or a personal grudge is continually increasing.

Password-related security breaches are happening with increasing frequency all over the world. When such breaches occur, users’ passwords and other personal information are then sold to other hackers, or even simply released openly to the world. Considering that users frequently re-use passwords at multiple websites, the security provided by a simple password becomes weaker each year.

In short, relying on passwords to protect our personal and organizational security is not sufficient. We must take steps to improve the security posture of both the University as a whole and you, our individual users.

One of the simplest and most effective methods to do so is to encourage wide adoption of two-factor authentication for access to applications.

How do I enroll in two-factor authentication?

WITS Staff will contact you and your department when it is scheduled to move to two-factor authentication.

Will I need to use two-factor every time I log into a protected website?

With two-factor, all Willamette applications that are set up on Single Sign-on (i.e., prompt you for your Willamette ID and password) will now also require you to provide two-factor authentication. However, during the log-in and verification process, you can choose to check the box for “Remember me for 7 days” This means you won’t be prompted to use two-factor for subsequent logins for seven days.

Note: The “Remember me for 7 days” feature is set for an individual browser on an individual computer. If you switch to a different browser or use a different computer, you will need to complete two-factor authentication for that new browser – but you can remember more than one browser for the 7 day period.

Will I need to use Duo two-factor to log in to Google Apps?

Not at this time. However, we are requiring administrative departments with access to confidential data to set up two step verification via Google 2-Step Verification

Will I need to use Duo two-factor to log in to my desktop?

Your Willamette desktop/laptop computer is not integrated with Duo two-factor authentication.  Log in as you always have in the past.

What is Duo Mobile?

Duo Mobile (https://duo.com) is an application that allows you to use your Android or iOS device (smartphone) for two-step verification. Duo Mobile is free to download and use.

Duo Mobile is simple to set up and provides two options for completing your second login step.

  • Use Duo Push to automatically receive a “push notification” on your device when you log in. You only need to press “Approve” on your device to complete the login. 
  • Open the Duo Mobile app on your iOS or Android device to generate a single-use verification code, and then enter that code in your browser.

For more information, refer to the Methods Table.

What are the different methods and devices for logging in with Two-Step?

Refer to the Methods Table above.

Do I need to re-register my Duo Mobile device for two-factor if I change my cellphone number/SIM card?

No. The Duo application uses Internet connectivity for push notifications, and requires no connectivity at all to generate 6-digit codes. If your phone number changes, you only need to update your phone numbers for the Call Me features, because these rely on your phone number. All other two-step methods (Duo Push, Duo Mobile codes, hardware token) are unaffected by changes to your cell phone number.

How do I manage my two-factor authentication Duo profile?

If you need to make changes in the future to your two-factor authentication profile (e.g. add/change a phone number, unenroll/re-enroll a new smartphone for Duo Mobile, etc.), the next time you’re logging in and the Authentication with Duo screen pops up, click ‘Add New Device’ or ‘My Settings & Devices’ on the left hand side of the pop-up screen. 

Google 2-Step Verification

Google 2-Step Verification protects your Google account. Each time you sign into your Google account, you’ll need your password and a verification code that you obtain from the Google Authenticator app. However, you can have it remember a device so that it won’t prompt you again on that device. 

Willamette is now requiring all staff who have access to confidential data via their Google account to turn on Google 2-Step Verification. With Google 2-Step Verification, your Google account is protected, even if your password is compromised. In the near future, access to your Google account will be through single sign-on, and it will then be protected via Duo. 

Follow this link to learn more and then click the “Get Started” button and follow the instructions to set it up. Contact the Help Desk or your User Services Consultant if you need assistance.


Back to Top