Skip to Main Content
CWRU Links
University Technology, [U]Tech

Duo Security: Two-Factor Authentication

Duo Security: Two-Factor Authentication

Two-factor authentication is available for active faculty, staff and students at Single Sign-on, and is required for Human Capital Management (HCM), Financials (FIN) and Virtual Private Network (VPN) system log-ins. Two-factor authentication protects users from unauthorized access to CWRU accounts, in the event that a password is compromised.

laptop with getting started on it

Duo Security: Start Guide

Quickly and simply configure DUO security 2-factor authentication for use with your cell phone, landline, smartphone, tablet, laptop or hardware token.
Duo Security: Overview


Duo Security: Training Videos

Watch our training videos for step-by-step instructions on enrolling and using Duo Security two-factor authentication at Case Western Reserve.
Duo Security: Training Videos

phone with green check mark image on it

Duo Security: Enroll Your Device

Two-factor authentication enhances the security of your account by using a secondary device to verify your identity. This prevents anyone but you from accessing your account, even if they know your password.
Enroll Now

phone in grass

Duo Security: Lost or Stolen Phone

Even if you lose your phone, remember that your password will still protect your account.
What to do now.

What is Two Factor Authentication?

Two-factor authentication provides added security by prompting you to enter a unique code at sign in, in addition to your password. The unique code, generated by your phone, is used only once. You can prompt the code from a device of your choosing (typically your smartphone). Using the Duo Mobile smartphone app (for iOS, Android) is the simplest and preferred method for obtaining the second-factor codes, but tokens and other methods are available.

Theft of Credentials is Common

  • A user can be tricked into giving away their Network ID and passphrases through a malicious email or phishing or other online scams (View phishing examples here).
  • Many people reuse passwords or passphrases on other websites (Amazon; LinkedIn). If compromised, attackers often publish or sell the passphrases (
  • A user shares their Network ID and/or password (in violation of CWRU policy) with someone else.
  • A user logs in from an infected computer where attackers continue to run and record keystrokes of the users' passwords and/or passphrases (Keylogger).
news and alerts