Two-Factor Authentication With Duo

John Charles, Vice President of IS&T, announced earlier this month the upcoming requirement for using two-factor authentication to log into systems and services at MIT. Two-factor authentication secures our data by limiting the risk of a password compromise, which in turn could allow a cyber attacker to access services limited to MIT users. Duo Security is the service IS&T is using to leverage two-factor authentication.

Services that you will need to use Duo for, beginning September 30, 2015, include:

  • Touchstone and web services authenticated through Touchstone (such as Atlas, Barton, and Stellar)
  • MIT’s VPN service
  • Remote access to systems supported by IS&T or located within IS&T data center facilities.

Students are excluded from this requirement until Summer 2016.

Two-factor authentication is used in addition to a username and password to prove you are authorized to log into a system. It is based on the principle of something you know (your username and password) and something you have (your phone or a hardware token). Users are first asked to authenticate with their username and password (considered the first factor) and then prompted to retrieve a code that is sent to their phone or designated device (considered the second factor).

The code can be sent to the Duo application on your smartphone, which, when when it is received, you simply click on the message to OK. No re-entering of the code is necessary. You can also have a non-smart phone or hardware token set up for Duo.

Although this second step requires dedicating a bit of extra time to logging into a system, you have the option to have a browser remember you for the next 30 days, which turns off the prompt for the second factor during that time.

Learn more via the links below.

Using Duo Two-Factor Authentication (KB)

How do I log into MIT services that leverage Duo? (KB)

Register for Duo (sign up form)

Duo Memo (Letter to the Community)