Duo Two-Factor Authentication
Brandeis has enabled two-factor authentication using the Duo service. Two-factor authentication serves as an extra layer of security designed to prevent unauthorized access to your account and personal information. Duo protects your Brandeis account by requiring two forms of authentication to verify your identity when logging into Brandeis services:
- Something you know: your Brandeis username and password
- Something you have: a physical device (such as mobile phone, tablet, or landline phone
New UsersEnroll in Duo
After you have enrolled in Duo two-factor authentication, you will need the following to log-in to Brandeis systems and services:
- Your Brandeis Username and Password.
- A physical device you control such as a mobile phone, tablet, or landline phone to verify or authenticate your account.
Existing UsersManage Duo Devices
Two-Step Authentication Device Options
|Device Options||Authentication Methods||Supported Platforms||Additional Information|
||Mobile phone with SMS text messaging capability|
Data plan is not required to receive mobile push notification or passcode via Duo Mobile app.
||Data plan is not required to receive mobile push notification or passcode via Duo Mobile app.|
|Landline||Phone call||All phones|
|Hardware Token||Passcode||A "keychain" hardware token displays six-digit code at a push of a button||Tokens are available from the Technology Help Desk.|
Frequently Asked Questions (FAQs)
Duo protects your Brandeis account from being easily compromised due to phishing or malware by providing an extra layer of security beyond your username and password. Duo requires a second factor by validating something you have, such as a smartphone or tablet. Once you have enrolled, you will be required to use two forms of authentication to verify your identity when logging into Brandeis services: your username and password, and a physical device (such as mobile phone or tablet).
Once you are enrolled in Duo, you will be required to use two forms of authentication when accessing Brandeis protected systems and services which include (but not limited to):
webedit.brandeis.edu (Cascade Server CMS)
Starting April 2019, Duo two-factor authentication will be required to access Workday.
It is not necessary to have a smartphone to use Duo. Also, a data plan is not required for your device. You can use a not-so-smartphone, tablet or landline phone as your second device. Alternatively, you can request a hardware token which does not require an internet or cellular connection. Tokens are available from the Technology Help Desk.
Please refer to the Two-Step Authentication Devices table above for detailed information.
Once you are in the Duo Authentication page, click the check box at the bottom that reads Remember me for 30 days. After you have fully authenticated, your browser will not require you to do this again when you come back at a later session (within the 30 day period).
Note: Two-step authentication is requested at least every 30 days for each computer and each browser you use to access Brandeis protected websites.
If you are unable to select the 'Remember me for 30 days' checkbox and are prompted with a "You need to enable cookies in order to remember this device" message, you likely have the cookie settings pictured below*.
Follow these steps to resolve the issue:
1. In the 'Accept third-party cookies and site data' section, select 'Always' from the drop-down menu.
2. Save your changes however the browser updates (e.g., clicking 'OK', 'Save', etc.)
* Note: screenshot is taken from Firefox. Other browsers, such as Chrome and Safari will have their settings displayed differently.
Or, if you want to keep third-party cookies blocked, enable an exception for the Duo cookies via this Duo FAQ "Can Duo's Remembered Devices feature work if third-party cookies are blocked?"
Contact the Technology Help Desk for a one-time use passcode. The Technology Help Desk will have to verify your identity.
If you are traveling and you have limited or no cellular service or internet connection, please review the following options:
- Obtain a hardware token from the Technology Help Desk before traveling.
- Have Duo send a list of 10 passcodes to your phone before you leave. On the Duo Authentication screen, select 'Enter a Passcode' then click 'Text me new codes'.
- A list of 10 passcodes will be sent to the phone number provided.
Note: these passcodes codes are for one-time use.
- Enter one of the 10 codes in the field next to the 'Log In' button, then click 'Log In'.
A hardware token is a two-step authentication device that generates and displays a six-digit passcode at the push of a button. The device does not need wireless access or a data connection. Tokens are available upon request.
Contact the Technology Help Desk to request a hardware token. It will need to be activated by a Technology Help Desk staff member before leaving the Help Desk area.
Contact the Technology Help Desk ASAP. We will replace it for you, and can assist with deactivating the lost one.
Please call or come to the Technology Help Desk as the token will need to be reset by a staff member.
Contact the Technology Help Desk to deactivate your old phone number/device and register a new one for Duo.
Duo is not currently compatible with Google Authenticator or LastPass Authenticator.
If you have Google 2-Step enabled on your Brandeis account, Duo is intended as a replacement. You may use both; you will be prompted twice for a second authentication factor (by Duo and Google).
If you use the Duo mobile app, you can still register your smartphone as your second factor. The Duo mobile app will create a Brandeis profile alongside your existing profile. If you currently use a hardware token, you will need to obtain a second hardware token from the Technology Help Desk.