Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section
Column
width30%
Table of Contents
Table of Contents
Column
width70%

Introduction

Passwords can be problematic. They can be relatively easy to steal or accidentally give away, and hard to remember, and requirements change from one site to another. If they fall into the wrong hands, important information and systems are vulnerable. One of the simplest and most powerful tools to stop account abuse while reducing the need for ever-more-complicated passwords is called two-factor authentication. At Carleton we use Duo for managing two-factor authentication.

 

What is Two Factor Authentication?

In its most common form, two-factor authentication means logging in with a username and password combination (factor one), followed by verification via a text message, phone call, or smartphone app, to name a few (factor two). Most services offer a "remember me on this device" option so that you aren't prompted for the second factor every time. For our purposes this option is available for the span of 60 days.  Don’t have a mobile phone? You can also use your desk phone, tablet, or a key-fob sized device that generates short codes.  You may already have encountered two-factor authentication in some other web services that you use. It has also been branded as 2-step verification (Google), login verification (Twitter), and login approvals (Facebook). If you used TurboTax this year, you probably used your phone as a second factor.

Carleton uses Duo to provide two-factor authentication, along with many other universities and colleges, and click here to see Duo's explanation of Two-Factor Authentication.

For more information take the annual InfoSec 101 security awareness training course.

 

Setting up Duo

  • To access the enrollment page at Carleton go to: login.carleton.edu/info
    • Until March 30th when Duo becomes mandatory, you can choose the "Turn Two-Factor on (or off)"
    • If you currently or have previously configured Duo, you can choose "Manage your phones and devices"
  • Then, follow Duo's instructions for how to enroll: https://guide.duo.com/enrollment

 

Note
titleConfigure Multiple Devices

We HIGHLY recommend that you configure at least two different devices - a cell phone and an office landline, for example. This will help make sure you can independently make changes to duo even when you have changes in phone numbers.

...

Widget Connector
urlhttps://www.youtube.com/watch?v=3UpGOrI-EII

 

Re-configure Duo on a New Phone  

  1. Access the Duo management page at Carleton: login.carleton.edu/info
  2. Choose "Manage your phones and devices"
  3. You will need to complete the Duo authentication process again to verify that you are authorized to manage your devices. If your phone number did not change, the easiest option is to choose "Call me" and then answer the phone and follow the prompts.
  4. From here, you can continue to Duo's device management guide to edit your device: https://guide.duo.com/manage-devices#manage-existing-devices

If your device number changed, and if you have no other devices configured for duo, you will need to contact the ITS helpdesk for assistance.

Systems that trigger a Duo Prompt

Everything URL beginning with login.carleton.edu or apps.carleton.edu uses two factor authentication, and we're adding more sites to the list as we can. Some examples include: Google, Reason, Symplicity, Terradotta, search committee access to jobs.carleton.edu, Slate Admissions, this Wiki, Lynda.com, blogs.carleton.edu, and about 50 off-campus services.

For faculty, staff, and students, because the risk is low, ITS-managed public labs are exempt from Duo for many sites commonly used for standard academic purposes, but services that contain sensitive, protected information will still prompt for Duo Authentication in labs. If you are repeatedly prompted for Duo confirmation on a public lab computer, let the ITS helpdesk know.

 

Troubleshooting

"Remember me for 60 Days" box is greyed out

If you configured Duo to "Automatically send a push" notification, then anytime you are re-prompted, Duo will send you a push before allowing you to choose the Remember Me option.  There are two ways to address this issue.

Option 1: Keep Automatic Push, Cancel, and Re-Push

If you like the Automatic Push, you can keep that turned on and still have devices remember you. 

  1. When you are at a duo prompt where you'd like to set the "Remember me" option, press the blue "cancel" button on the Duo prompt.
  2. Ignore the prompt that is sent to your device
  3. The duo screen should still be visible, and now you should be able to check the "Remember me" box
  4. Click "Send me a Push" again.  This will send a new Duo push to your phone, and once accepted, that device will remember you for 60 days.

Option 2: Turn off Automatic Push

If you don't want to do the process described in Option 1 each time you need to remember a device, you can turn Automatic Pushes off.  To do this:

  1. Click Cancel on the push that came up
  2. In the left side of the Duo window, click "My Settings & Devices"
  3. Approve the Duo prompt that comes, to ensure Duo that you are you (you still will not be able to choose a remember me option)
  4. In the window that opens, you should see menus for "Default Device:" and "When I log in:"
  5. Change the "When I log in:" setting to "Ask me to choose an authentication method"

After this, you will need to click the "Send me a Push" button each time you are prompted, but it will be easier to get to the "Remember me for 60 days" box

I chose "Remember me" and it hasn't been 60 days, but I am being prompted again

If you have cleared your browser's cookies and cache, this will reset the token that Duo uses to track your device.  Simply check the box again and you should be good for the next 60 days or until the next clearing of cookies and cache.

Who to Contact

Two-factor authentication is supported by the ITS helpdesk:

Phone: 507-222-5999

Emailhelpdesk@carleton.edu (do NOT use for urgent issues)

...

***New Duo Information Pages***

Info

This page is currently being migrated to a new layout with updated content. 

Check out the /wiki/spaces/TAR/pages/26451660!

We will update the title of this page to reflect these changes when our wiki system allows us to - stay tuned!

...