Two-factor authentication (2FA) enhances the security of your personal information and University systems by requiring you to use your phone, tablet, or a device such as a hardware token, to verify your identity when you access UChicago online services. This prevents anyone but you from using your account to log in to websites that are protected with Okta (single sign-on), even if they know your CNetID password. Single sign-on allows you to log in to Okta-protected websites once (for a preset period of time—typically eight hours) and have access to all other Okta-protected websites without having to log in again.
Tip: You should enable 2FA on non-UChicago systems like online banking, an external email account, or even social media accounts if offered. This adds a second layer of protection to your personal data while using various online services.
Here are instructions on how to log in to protected UChicago sites with 2FA:
- As with all UChicago sites that use single sign-on, you will be prompted to sign in with your CNetID and password. With 2FA enabled, this is your first factor.
- You will then be directed to the Duo login prompt screen. This is the second factor and the independent verification that you are who you say you are through the device you have registered with 2FA. Select your device of choice (if you have more than one enrolled) and your preferred method of notification (push notification, phone call, or passcode).
Note: To avoid having to log in to Duo every day, select the Remember me for 30 days check box. Your browser will remember your device for 30 days before you have to authenticate again. This service will not work with the Safari browser. If you wish to use the Remember me for 30 days feature, choose a different browser, such as Chrome or Firefox.
Duo Push is the easiest form of authentication to use. It sends a push notification to your phone and you simply tap the Approve option to authenticate.
With Phone call, a call is sent to your phone. Answer the call and press any button on your phone to verify the call has been received.
Note: Phone calls and text message 2FA verifications incur additional charges to the University. If you are able to use Duo Push, a passcode, or a YubiKey token for verification instead, you can help avoid these charges.
The Passcode option allows you to request that a set of ten unique, single-use passcodes be sent via text message to your registered device from the 2FA Manage Devices screen. Please note that you must have your passcode before you attempt to access a site that is protected with 2FA. Passcodes also work within the Duo Prompt screen. Passcodes can only be used once and therefore you must keep track of which passcodes have been used. For more information on how passcodes work, please see the 2FA FAQ.
|
Method |
Description |
|
Duo Push |
Pushes a login request to your phone (if you have Duo Mobile installed and activated on your iPhone, Android, or BlackBerry device). Just review the request and tap Approve to log in. |
|
Phone Call |
Authenticate via phone callback. |
|
Text Passcode |
Send SMS passcodes to get a new batch of passcodes. |
Note: A hardware token is a physical device that you can plug into your laptop or desktop computer to use as your second factor. The University uses YubiKey tokens. You can purchase a hardware token for $40 to $60 (depending on which YubiKey is right for you) from the ID & Privileges Office (IPO) at the Joseph Regenstein Library.