Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

This page is currently being migrated to a new layout with updated content.

Section


Column
width30%


Table of Contents
Table of Contents



Column
width70%

Introduction

Passwords can be problematic. They can be relatively easy to steal or accidentally give away, and hard to remember, and requirements change from one site to another. If they fall into the wrong hands, important information and systems are vulnerable. One of the simplest and most powerful tools to stop account abuse while reducing the need for ever-more-complicated passwords is called two-factor authentication. At Carleton we use Duo for managing two-factor authentication.

 



...

What is Two Factor Authentication?

In its most common form, two-factor authentication means logging in with a username and password combination (factor one), followed by verification via a text message, phone call, or smartphone app, to name a few (factor two). Most services offer a "remember me on this device" option so that you aren't prompted for the second factor every time. For our purposes this option is available for the span of 60 days.  Don’t have a mobile phone? You can also use your desk phone, tablet, or a key-fob sized device that generates short codes.  You may already have encountered two-factor authentication in some other web services that you use. It has also been branded as 2-step verification (Google), login verification (Twitter), and login approvals (Facebook). If you used TurboTax this year, you probably used your phone as a second factor.

...

For more information take the annual InfoSec 101 security awareness training course.

...

...


Note
titleCreate a Backup Option

We HIGHLY recommend that you configure at least one backup option:

  • For Faculty & Staff we recommend using at least two different devices - a cell phone and an office landline, for example.
  • For Students, Faculty or Staff (particularly those with only one device) we recommend requesting and storing 5 one-time use passcodes that you can keep with you.

This will help make sure you can independently make changes to duo even when you have changes in phone numbers.

...

For faculty, staff, and students, because the risk is low, ITS-managed public labs are exempt from Duo for many sites commonly used for standard academic purposes, but services that contain sensitive, protected information will still prompt for Duo Authentication in labs. If you are repeatedly prompted for Duo confirmation on a public lab computer, let the ITS helpdesk know.

 

...

FAQs about Duo (redirects to another page)

 


...

Troubleshooting

For questions not answered below, check  guide.duo.com for common instructions and step-by-step guides; or  duo.com/support for more specific problems or questions, or contact the ITS Helpdesk.

"Remember me for 60 Days" box is greyed out

If you configured Duo to "Automatically send a push" notification, then anytime you are re-prompted, Duo will send you a push before allowing you to choose the Remember Me option.  There are two ways to address this issue.

Option 1: Keep Automatic Push, Cancel, and Re-Push

If you like the Automatic Push, you can keep that turned on and still have devices remember you. 

  1. When you are at a duo prompt where you'd like to set the "Remember me" option, press the blue "cancel" button on the Duo prompt.
  2. Ignore the prompt that is sent to your device
  3. The duo screen should still be visible, and now you should be able to check the "Remember me" box
  4. Click "Send me a Push" again.  This will send a new Duo push to your phone, and once accepted, that device will remember you for 60 days.

Option 2: Turn off Automatic Push

If you don't want to do the process described in Option 1 each time you need to remember a device, you can turn Automatic Pushes off.  To do this:

  1. Click Cancel on the push that came up
  2. In the left side of the Duo window, click "My Settings & Devices"
  3. Approve the Duo prompt that comes, to ensure Duo that you are you (you still will not be able to choose a remember me option)
  4. In the window that opens, you should see menus for "Default Device:" and "When I log in:"
  5. Change the "When I log in:" setting to "Ask me to choose an authentication method"

After this, you will need to click the "Send me a Push" button each time you are prompted, but it will be easier to get to the "Remember me for 60 days" box

I chose "Remember me" and it hasn't been 60 days, but I am being prompted again

If you have cleared your browser's cookies and cache, this will reset the token that Duo uses to track your device.  Simply check the box again and you should be good for the next 60 days or until the next clearing of cookies and cache.

Codes from my Security Token (Key Fob) are not working

...

Emailhelpdesk@carleton.edu (do NOT use for urgent issues)