Two-factor authentication is available for active faculty, staff and students at Single Sign-on, and is required for various university systems log-ins. Two-factor authentication protects users from unauthorized access to CWRU accounts, in the event that a password is compromised.
Currently Duo is integrated in the HR system (HCM), Box, Virtual Private Network (VPN) and the financial system (FIN).
Duo Security: Start Guide
Quickly and simply configure Duo security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.
Duo Security: Training Videos
Watch our training videos for step-by-step instructions on enrolling and using Duo Security two-factor authentication at Case Western Reserve.
Duo Security: Enroll Your Device
Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.
Duo Security: Lost or Stolen Phone
Even if you lose your phone, remember that your password will still protect your account.
What is Two Factor Authentication?
Two-factor authentication provides added security by prompting you to enter a unique code at sign in, in addition to your password. The unique code, generated by your phone, is used only once. You can prompt the code from a device of your choosing (typically your smartphone). Using the Duo Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.
Theft of Credentials is Common
- A user can be tricked into giving away their Network ID and passphrases through a malicious email or phishing or other online scams (View phishing examples here).
- Many people reuse passwords or passphrases on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the passphrases (infosecurity-magazine.com/news/linkedin-breach-weak-passwords).
- A user shares their Network ID and/or password (in violation of CWRU policy) with someone else.
- A user logs in from an infected computer where attackers continue to run and record keystrokes of the users' passwords and/or passphrases (Keylogger).