Two-factor authentication is available for active faculty, staff and students at Single Sign-on, and is required for various university systems log-ins. Two-factor authentication protects users from unauthorized access to CWRU accounts, in the event that a password is compromised.
Currently Duo is integrated in the HR system (HCM), Box, Virtual Private Network (VPN) and the financial system (FIN).
Duo Security: Start Guide
Quickly and simply configure Duo security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.
Duo Security: Training Videos
Watch our training videos for step-by-step instructions on enrolling and using Duo Security two-factor authentication at Case Western Reserve.
Duo Security: Enroll Your Device
Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.
Duo Security: Lost or Stolen Phone, Token, or Key
Even if you lose your phone, token, or key, remember that your password will still protect your account.
What is Two Factor Authentication?
Two-factor authentication provides added security by prompting you to enter a unique code at sign in, in addition to your password. The unique code, generated by your phone, is used only once. You can prompt the code from a device of your choosing (typically your smartphone). Using the Duo Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.
Theft of Credentials is Common
- A user can be tricked into giving away their Network ID and passphrases through a malicious email or phishing or other online scams (View phishing examples here).
- Many people reuse passwords or passphrases on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the passphrases (infosecurity-magazine.com/news/linkedin-breach-weak-passwords).
- A user shares their Network ID and/or password (in violation of CWRU policy) with someone else.
- A user logs in from an infected computer where attackers continue to run and record keystrokes of the users' passwords and/or passphrases (Keylogger).