
Introduction

Passwords can be problematic. They can be relatively easy to steal or accidentally give away, they can be hard to remember, and the requirements change from one site to another. If they fall into the wrong hands, important information and systems are vulnerable. One of the simplest and most powerful tools to stop account abuse while reducing the need for ever-more-complicated passwords is called two-factor authentication. At Carleton we use Duo for managing two-factor authentication.

...

In its most common form, two-factor authentication means logging in with a username and password combination (factor one), followed by verification via a text message, phone call, or smartphone app, to name a few (factor two). Most services offer a "remember me on this device" option so that you aren't prompted for the second factor every time. For our purposes, this option is available for a span of 60 days. Don't have a mobile phone? You can also use your desk phone, tablet, or a key-fob sized device that generates short codes.

You may already have encountered two-factor authentication in some other web services that you use. It has also been branded as 2-step verification (Google), login verification (Twitter), and login approvals (Facebook). If you used TurboTax this year, you probably used your phone as a second factor.

...

For more information take the annual InfoSec 101 security awareness training course.

...

  • To access the enrollment page at Carleton go to: logingo.carleton.edu/info (login.carleton.edu will work if the previous link does not)
    • Until March 30th, when Duo becomes mandatory, you can choose the "Turn Two-Factor on (or off)" option
    • If you currently have, or have previously, configured Duo, you can choose "Manage your phones and devices"
  • Then, follow Duo's instructions for how to enroll: https://guide.duo.com/enrollment

...

  1. Access the Duo management page at Carleton: logingo.carleton.edu/info (login.carleton.edu will work if the previous link does not)
  2. Choose "Manage your phones and devices"
  3. You will need to complete the Duo authentication process again to verify that you are authorized to manage your devices. If your phone number did not change, the easiest option is to choose "Call me" and then answer the phone and follow the prompts.
  4. From here, you can continue to Duo's device management guide to edit your device: https://guide.duo.com/manage-devices#manage-existing-devices

...

Because the risk is low, ITS-managed public labs are exempt from Duo for faculty, staff, and students on many sites commonly used for standard academic purposes. Services that contain sensitive, protected information will still prompt for Duo authentication in labs. If you are repeatedly prompted for Duo confirmation on a public lab computer, let the ITS helpdesk know.

 

...

Troubleshooting

"Remember me for 60 Days" box is greyed out

If you configured Duo to "Automatically send a push" notification, then anytime you are re-prompted, Duo will send you a push before allowing you to choose the Remember Me option.  There are two ways to address this issue.

Option 1: Keep Automatic Push, Cancel, and Re-Push

If you like the Automatic Push, you can keep that turned on and still have devices remember you. 

  1. When you are at a Duo prompt where you'd like to set the "Remember me" option, press the blue "Cancel" button on the Duo prompt.
  2. Ignore the prompt that is sent to your device.
  3. The Duo screen should still be visible, and now you should be able to check the "Remember me" box.
  4. Click "Send me a Push" again. This will send a new Duo push to your phone, and once accepted, that device will remember you for 60 days.

Option 2: Turn off Automatic Push

If you don't want to do the process described in Option 1 each time you need to remember a device, you can turn Automatic Pushes off.  To do this:

  1. Click Cancel on the push that came up
  2. In the left side of the Duo window, click "My Settings & Devices"
  3. Approve the Duo prompt that arrives, to assure Duo that you are you (you still will not be able to choose a "Remember me" option)
  4. In the window that opens, you should see menus for "Default Device:" and "When I log in:"
  5. Change the "When I log in:" setting to "Ask me to choose an authentication method"

After this, you will need to click the "Send me a Push" button each time you are prompted, but it will be easier to get to the "Remember me for 60 days" box.

I chose "Remember me" and it hasn't been 60 days, but I am being prompted again

If you have cleared your browser's cookies and cache, this will reset the token that Duo uses to track your device.  Simply check the box again and you should be good for the next 60 days or until the next clearing of cookies and cache.

...

Who to Contact

Two-factor authentication is supported by the ITS helpdesk:

...