Duo - two-factor authentication

Duo two-factor authentication at Wellesley College

 

Duo Security is a two-factor authentication (2FA) system that adds an extra layer of security to Google Apps and Workday for your Wellesley domain account.  When it comes to account security, it’s best to protect it with both something you know (your password) and something you have (Duo with your phone or mobile app) protecting your account. 

After Duo is enabled on your account, you will be asked to authenticate with Duo when you login to Workday or Google Apps. This prevents unauthorized access to your account even if your password is compromised, because you will get prompted by Duo when you aren't trying to login yourself.  If you get prompted for Duo when you aren't trying to login, contact the Help Desk immediately to let them know of a suspicious login attempt.


Tips for logging in with Duo

Set Duo to remember you for 30 days in your browser / device

You can set Duo to remember that you authenticated for 30 days. This is a per-device, per-application, so for example if you use both Chrome and Firefox on the same computer, you will have to follow these steps in both Chrome and Firefox.

  1. Visit Google Apps with your Wellesley account.

  2. If Duo automatically starts to verify your account via your default method, click Cancel.

    • You will still need to answer your phone or accept the push request.

  3. Check the “Remember me for 30 days” checkbox, then choose one of your authentication methods to continue authenticating through Duo.

Using other mobile apps (e.g. Gmail app)

When setting up your Google account in a mobile app, at the Google login window, enter your username@wellesley.edu.  You will then get directed to a Wellesley login window where you can enter your Wellesley username and domain password as usual, and will then be prompted for Duo if you have it enabled.

Note: Yubikeys cannot be used to authenticate with Duo on mobile devices.

Choosing a different device

If you setup multiple devices for Duo and you don’t want to use the one you set as default, when the Duo screen appears, click Cancel in the bottom right.  You will then be given the option to choose a different device that you have setup on your account.


Using Duo when you're off-campus, abroad, or traveling

There are several ways you can still use Duo when you are traveling or may not have internet access.

  • Forward your office phone to your mobile phone or Google Voice.

    • When Duo calls your office phone, it will be passed along to the phone you forwarded it to and you can authenticate as usual.

  • Add your international phone number.

    • You can use any phone number with Duo, including international phones.  Follow the add a new phone instructions and add your international phone.  Make sure you include the country code, for example: Switzerland would use +41 33 123456789.

  • Use Passcodes from the Duo app, even without an internet connection.

    • The Duo Mobile app for Android and iOS also works without an internet connection by giving you Passcodes if you click on the lock icon next to Wellesley College.  Passcodes change every so often, so make sure you have your device and check it when you need to authenticate.

    • To use a Passcode instead of Push in Duo, if you have a default set, click Cancel in the popup, then click Enter a Passcode and enter your Passcode.

  • Get one-time use codes via text message to your current phone before you leave

    • If you set up your mobile phone as a mobile phone in Duo, you can request Passcodes sent to it via text messaging (SMS).  Duo will send 10 one-time use codes in each text message, and they do not expire.  The section below explains how to do this.

    • When logging into Google Apps at the Duo authentication screen, if you have a default set, click Cancel.  Then click Enter a Passcode.  In the blue bar that appears, click the Text me new codes.  You will get 10 codes each time you click the Text me new codes button, and these codes will not expire.