Duo Security: Two-Factor Authentication

Duo Security Logo with padlock graphics umposed over computer and mobile devices

Two-factor authentication is available for active faculty, staff and students at Single Sign-on, and is required for various university systems log-ins. Two-factor authentication protects users from unauthorized access to CWRU accounts, in the event that a password is compromised.

Currently Duo is integrated into many CWRU applications, including email, the HR system (HCM), Box, Virtual Private Network (VPN) and the financial system (FIN).

Enroll Your Device

hand holding a smart phone with a green and white check mark on the screen

Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.

Enroll Now

Start Guide

Duo Logo superimposed over a laptop

Quickly and simply configure Duo security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.

Start Guide

Lost or Stolen Phone, Token, or Key

smart phone lying in high grass

Even if you lose your phone, token, or key, remember that your password will still protect your account.

What to do now

Training Videos

backlit keyboard with one key labeled "learn"

Watch our training videos for step-by-step instructions on enrolling and using Duo Security two-factor authentication at Case Western Reserve.

Training Videos

What is Two Factor Authentication?

Two-factor authentication provides added security by prompting you to enter a unique code at sign in, in addition to your password. The unique code, generated by your phone, is used only once. You can prompt the code from a device of your choosing (typically your smartphone). Using the Duo Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.

Theft of Credentials is Common

  • A user can be tricked into giving away their Network ID and passphrases through a malicious email or phishing or other online scams (View phishing examples here).
  • Many people reuse passwords or passphrases on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the passphrases (infosecurity-magazine.com/news/linkedin-breach-weak-passwords).
  • A user shares their Network ID and/or password (in violation of CWRU policy) with someone else.
  • A user logs in from an infected computer where attackers continue to run and record keystrokes of the users' passwords and/or passphrases (Keylogger).