Duo Security: Two-Factor Authentication

Duo Security Logo with padlock graphics umposed over computer and mobile devices

Two-factor authentication is available for active faculty, staff and students at Single Sign-on, and is required for Human Capital Management (HCM), Financials (FIN) and Virtual Private Network (VPN) system log-ins. Two-factor authentication protects users from unauthorized access to CWRU accounts, in the event that a password is compromised. 


Duo Security: Start Guide

Duo Logo superimposed over a laptop

Quickly and simply configure DUO security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.

Duo Security: Overview


Duo Security: Training Videos

backlit keyboard with one key labeled "learn"

Watch our training videos for step-by-step instructions on enrolling and using Duo Security two-factor authentication at Case Western Reserve.

Duo Security: Training Videos


Duo Security: Enroll Your Device

hand holding a smart phone with a green and white check mark on the screen

Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

Enroll Now


Duo Security: Lost or Stolen Phone

smart phone lying in high grass

Even if you lose your phone, remember that your password will still protect your account.

What to do now.


What is Two Factor Authentication?

Two-factor authentication provides added security by prompting you to enter a unique code at sign in, in addition to your password. The unique code, generated by your phone, is used only once. You can prompt the code from a device of your choosing (typically your smartphone). Using the Duo Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.

Theft of Credentials is Common

  • A user can be tricked into giving away their Network ID and passphrases through a malicious email or phishing or other online scams (View phishing examples here).
  • Many people reuse passwords or passphrases on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the passphrases (infosecurity-magazine.com/news/linkedin-breach-weak-passwords).
  • A user shares their Network ID and/or password (in violation of CWRU policy) with someone else.
  • A user logs in from an infected computer where attackers continue to run and record keystrokes of the users' passwords and/or passphrases (Keylogger).