Commonly Asked Questions
What is two-factor authentication (2FA)?
2FA is an added security measure similar to how you protect your bank account with a pin number (something you know) and debit card (something you have) when you withdraw money from an ATM. The University’s 2FA provider is a company named Duo Security (Duo for short).
After you enroll in 2FA, when you log in to any 2FA-protected website or service, you will enter your CNetID and password (something you know) as you do today, and then use your smartphone or another device (something you have) to verify your identity.
Why is 2FA being required?
Requiring 2FA is important part of ongoing efforts to secure the online identity and personal information of all faculty, students, and staff, as well as protect the University’s research, intellectual property, and institutional data.
Who is required to use 2FA?
Beginning spring 2018, all University of Chicago faculty and staff members will be required to enroll in and use 2FA to log in to many of the University’s most frequently used online services and systems. Students will also be required beginning with the Autumn 2018 incoming class.
Can I use multiple devices with 2FA?
Yes. You are encouraged to enroll at least two devices (such as a smartphone, tablet, and/or office landline phone) with 2FA to avoid difficulties with verifying your identity if your only enrolled device is unavailable.
Is 2FA required for all of the online service and systems I use at UChicago?
No. You will only be prompted to use 2FA when logging in to a 2FA-protected service or system. For a list of some of the most frequently used services and systems protected by 2FA, see Top University Sites using 2FA.
What is Duo and Duo Mobile?
Duo is the company that provides the 2FA service used by the University. Duo Mobile is the app that can be downloaded and installed on smartphones and tablets. It provides two of the methods that can be used to verify your identity when logging in to any 2FA-protected service or system.
How do I add a new device?
Visit the two-factor authentication website, click on the “Go to Two-Factor” button, and then select “Register a Device” in the left column. There you can register your new cell phone, tablet, landline phone, or token.
How do I activate 2FA on my new device?
You can activate 2FA on your new device using one of the following methods, depending on your particular situation.
I am replacing my cell phone, but not changing operating systems or phone numbers.
- Go to the two-factor authentication website and click “Go to Two-Factor (Register and Manage Devices)” from the left panel.
- Log in and find your phone number in the list of registered devices. Select “Re-Activate” next to your number.
- A prompt will ask you to download the Duo app from the App Store or Google Play. If you have already downloaded the app, select the checkbox at the bottom of the page.
- Launch the app on your device. Use the in-app camera to scan the barcode that appears on your computer monitor.
I am getting a new device with either a different operating system or a different phone number than my old device.
- Go to the two-factor authentication website, click the “Go to Two-Factor” button, then click on “Manage Devices” on the left panel.
- Click “Remove” to remove your old device from 2FA.
- Add your new device as if you were adding a device for the first time.
What if I lose my cell phone?
Contact IT Services immediately if you lose your cell phone or suspect that it’s been stolen. A member of the IT Service Desk will disable 2FA and help you log in using another cell or landline phone or hardware token. While it’s important that you contact IT Services if you lose your cell phone, remember that your password will still protect your account. For more detailed instructions, see the article 2FA: Replacement Procedure for Lost, Broken, or Upgraded Devices.
How do I re-enable push notifications for Duo on my iPhone?
To re-enable push notifications on your iPhone if they have been disabled, go to Settings on your iPhone and select “Notifications.” From there, you can re-enable push notifications for the application. For more detailed instructions, see the article Enable 2FA Push Notifications for iPhone.
Can I still use 2FA if I don't have reliable cellular network or internet access on my cell phone?
Yes. Tap the green key button associated with the University of Chicago entry in the Duo Mobile app on your smartphone to receive a six-digit passcode. On the Duo verification screen in your web browser, select “Enter a Passcode,” type the six-digit code into the “Passcode” field, and hit “Log In.” This option will work without an internet connection and/or cellular data service (e.g., when traveling on an airplane or internationally).
Can international phone numbers be used in Duo?
Yes. All international phone numbers are supported in Duo.
Can I use Duo without incurring any additional data or text messaging costs?
Yes. After selecting the Duo app on your smartphone, tap the green key button to receive a six-digit passcode. Generating passcodes does not send any kind of message, use data, nor incur any data or text messaging costs. You can generate passcodes even when you are not connected to a network. More information is provided in the article Use the Duo Security App to Generate 2FA Passcodes.
How do 2FA text passcodes work?
You may choose to have a set of 10 passcodes sent to your registered smartphone from the “Manage Devices” screen from the two-factor authentication website. Simply find your smartphone from the list of your registered phones and click “Text Passcodes.” A list of 10 one-time-use passcodes will be sent to your phone via text. To use a passcode, click “Passcode” at the Duo Prompt screen and then click “Login” to continue.
You can print out the list of passcodes to keep in a secure location for your use any time you don’t have access to your registered devices. It is important that you keep track of which codes you use because each passcode can only be used once.
What is a hardware token?
A hardware token is a physical device that generates a numeric passcode that you can use to log in to 2FA-protected websites and services. You can purchase a token for $40 to $60 (depending on which token is right for you) from the ID & Privileges Office at the Joseph Regenstein Library.
What can I do if my hardware token stopped working?
Contact IT Services at 773.702.5800 or visit the TechBar if your token stops working or if you can’t log in with the passcodes it generates.
Do I have to verify my identity using 2FA every time I log in to a 2FA-protected service or system?
When logging in to a 2FA-protected website, you can elect to have Duo remember you for 30 days. To enable, simply select the “Remember this device for 30 days” checkbox that is located near the bottom of the Duo verification screen. Once enabled, you will not be required to verify your identity for 30 days.
Please note, this setting is available per device and web browser, meaning you will need to select the option on each device and web browser you use, as applicable. Also, certain web browser privacy settings (e.g., disabling cookies) may interfere with this setting.
Do I still need to change my password regularly if I use 2FA?
What do I do if I get a notification from Duo that I did not request?
Select “Deny” in your Duo app if you did not initiate the request. Then contact IT Services.
What information does Duo collect?
Both the Duo Mobile app and the Duo prompt collect information from your device when you open the app or use it log in.
The information collected includes:
- Attributes such as hardware model, operating system, unique user and device identifiers, and characteristics
- Connection information (including the name of a mobile operator or ISP, language and time zone, and mobile phone number)
- IP address
What if I have additional questions or need assistance?
If you have additional questions or need assistance regarding 2FA, review the Get Help with 2FA page for the support options available to you.
Will 2FA be required to use the University's virtual private network (VPN)?
Yes, beginning on Thursday, September 6 you will be required to enroll in 2FA to access the University’s Virtual Private Network (VPN). After this date, once you provide your cNetID and password you will be directed to the 2FA authentication screen. After you verify your identity you will be provided access to the VPN. If an individual has yet to enroll in 2FA, they will be redirected to https://2fa.uchicago.edu where they can complete the enrollment process.