Section | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
In its most common form, two-factor authentication means logging in with a username and password combination (factor one), followed by verification via a text message, phone call, or smartphone app, to name a few (factor two). Most services offer a "remember me on this device" option so that you aren't prompted for the second factor every time. For our purposes this option is available for the span of 60 days. Don’t have a mobile phone? You can also use your desk phone, tablet, or a key-fob sized device that generates short codes. You may already have encountered two-factor authentication in some other web services that you use. It has also been branded as 2-step verification (Google), login verification (Twitter), and login approvals (Facebook). If you used TurboTax this year, you probably used your phone as a second factor.
...
For more information take the annual InfoSec 101 security awareness training course.
...
- To access the enrollment page at Carleton go to: login.carleton.edu/info (login.carleton.edu will work if the previous link does not)
- Until March 30th when Duo becomes mandatory, you can choose the "Turn Two-Factor on (or off)"
- If you currently or have previously configured Duo, you can choose "Manage your phones and devices"
- Then, follow Duo's instructions for how to enroll: https://guide.duo.com/enrollment
...
- Access the Duo management page at Carleton: login.carleton.edu/info (login.carleton.edu will work if the previous link does not)
- Choose "Manage your phones and devices"
- You will need to complete the Duo authentication process again to verify that you are authorized to manage your devices. If your phone number did not change, the easiest option is to choose "Call me" and then answer the phone and follow the prompts.
- From here, you can continue to Duo's device management guide to edit your device: https://guide.duo.com/manage-devices#manage-existing-devices
If your device number changed, and if you have no other devices configured for duo, you will need to contact the ITS helpdesk for assistance.
...
Request a Key-fob Authenticator (good while traveling)
If you would like a method of authentication that does not use text messages, phone calls, or an app on a smart phone, or if you will be traveling to areas without reliable US cell reception or wireless, there are small devices that Carleton community members can request for free (and keep) that generate codes that are syncronized with your account. At any point, in any location, you can use one of those codes to authenticate. The codes refresh every few seconds.
To request one of these authenticators, sign up for Duo as described above and configure at least one phone, call or email the ITS helpdesk.
We need at least 1 week's notice to make sure we have the device and properly link it to your account.
...
Systems that trigger a Duo Prompt
...
For faculty, staff, and students, because the risk is low, ITS-managed public labs are exempt from Duo for many sites commonly used for standard academic purposes, but services that contain sensitive, protected information will still prompt for Duo Authentication in labs. If you are repeatedly prompted for Duo confirmation on a public lab computer, let the ITS helpdesk know.
...
Troubleshooting
"Remember me for 60 Days" box is greyed out
If you configured Duo to "Automatically send a push" notification, then anytime you are re-prompted, Duo will send you a push before allowing you to choose the Remember Me option. There are two ways to address this issue.
Option 1: Keep Automatic Push, Cancel, and Re-Push
If you like the Automatic Push, you can keep that turned on and still have devices remember you.
- When you are at a duo prompt where you'd like to set the "Remember me" option, press the blue "cancel" button on the Duo prompt.
- Ignore the prompt that is sent to your device
- The duo screen should still be visible, and now you should be able to check the "Remember me" box
- Click "Send me a Push" again. This will send a new Duo push to your phone, and once accepted, that device will remember you for 60 days.
Option 2: Turn off Automatic Push
If you don't want to do the process described in Option 1 each time you need to remember a device, you can turn Automatic Pushes off. To do this:
- Click Cancel on the push that came up
- In the left side of the Duo window, click "My Settings & Devices"
- Approve the Duo prompt that comes, to ensure Duo that you are you (you still will not be able to choose a remember me option)
- In the window that opens, you should see menus for "Default Device:" and "When I log in:"
- Change the "When I log in:" setting to "Ask me to choose an authentication method"
After this, you will need to click the "Send me a Push" button each time you are prompted, but it will be easier to get to the "Remember me for 60 days" box
I chose "Remember me" and it hasn't been 60 days, but I am being prompted again
If you have cleared your browser's cookies and cache, this will reset the token that Duo uses to track your device. Simply check the box again and you should be good for the next 60 days or until the next clearing of cookies and cache.
...
Who to Contact
Two-factor authentication is supported by the ITS helpdesk:
...