First, a hearty thank you to the members of the community who have so quickly and readily engaged with Duo Two-Factor Authentication, helping to protect both their own files and content as well as the security of the College! We currently have over 90 percent of the faculty and academic staff signed up and using Duo for a total of over 1,670 folks enrolled, who’ve registered over 5500 devices as their second factors. We expect to complete the transition by this summer, including the rest of the students. Duo is being used to authenticate to Swarthmore all over the United States (see graphic). And folks are logging in from other locations around the world when they are traveling!
As we move forward to bring on board the rest of the staff of the College, and the rest of the students, there are some suggestions you might consider to make things easier for both yourself and students.
If your phone is your primary authenticator, keep it charged! (Many students seem to live in a state of nearly empty batteries on their cell phones. If that’s your only second factor, you could be stuck without a working phone, and without access to Swarthmore services!)
Set up multiple second factors. Even if your phone works great for you, sometimes things happen. Phones break. You can use your office phone, your lab phone, your home phone, your classroom phone and your tablet (IOS or Android). Any time you log in using Duo, you can add or manage your devices and settings (see the links to the left of the Authentication dialog highlighted in the orange box in this portion of that screen). Instructions on adding devices can be found at this address: https://kb.swarthmore.edu:8443/display/2FA/Adding+Devices+and+Changing+Your+Settings
Tired of having to use that second factor to authenticate every time? Check the “Remember me for 15 days” option towards the bottom of the Duo Authentication dialog. That will allow you to go for two weeks without having to use your second factor, so long as you are using the same browser and computer as when you checked that box. (Note that some browsers are set to clear their cache each time one closes a window, or the browser. If your’s is set that way, this tip won’t work.)
Why is the “Remember me” option set for 15 days? It’s honestly a compromise between the most secure option (an hour or less), and convenience. Some colleges and universities have taken a more absolute approach and require the second factor at every login, or within an hour or two. We are trying to balance security and convenience, but we’ll be monitoring to see how effective things are.
Traveling? Have Duo text you a batch of 10 codes for authenticating, and then print them out on paper. (If you don’t have a phone that can handle texting, then the Help Desk can give you this list before you leave.) These single use codes can get you going if your other options are limited. Select the “Enter a Passcode” option in the authentication window to get the option to send yourself new codes. Note that your smart phone is also a passcode generator that works even when you don’t have network or cellular access. (Touch the Key symbol to the right of where it says “Swarthmore College” in the Duo App to display a passcode you can use to connect.) You could use this method to authenticate to add a new phone in the new country you’ll be in while traveling.
Don’t know how to get back to a Duo Authentication screen? Log into a College account from a Chrome Incognito window. (File Menu, select “New Incognito Window”) This will open a browser window without any cookies or tracking, and will force Duo to re-authenticate.
Don’t have a smart phone or tablet device? There are also hardware U2F tokens that can be used with Duo as well as separate code generating devices. Some, like a YubiKey, also require a standard USB 1.0 or 2.0 port (new Macbooks, and Macbook Pros need an adapter for USB-C ports), the Chrome browser, and won’t work with Firefox, Safari or Internet Explorer. There are options. Please consult the Help Desk if you don’t have a cell phone you can use for your second factor.
Finally, if your cell phone, hardware token, tablet or other device that can be used to authenticate you gets lost or stolen, please notify the Help Desk immediately! We can help you remove that device from your set of second factors until you can get a new one.