Starting in the Winter of 2022, the Wheaton IT Department will continue our focus on cybersecurity by rolling out Duo Multi-Factor authentication. This additional layer of security is very similar to Google’s Two Step verification. Duo Multi-Factor authentication fills in the gaps by protecting all other web services outside of your Google account – For example: insideWheaton, Canvas, and the VPN. Duo Multi-Factor authentication will protect other college information tied to your wID – For example: insideWheaton, Canvas, and the VPN.
On this page
- What is Multi-Factor authentication?
- Why are we implementing Multi-Factor authentication?
- How often will I need to use Multi-Factor authentication?
- What Multi-Factor authentication method should I use?
- What are my support options when setting up Multi-Factor authentication?
- Steps for enabling Multi-Factor Authentication
What is Multi-Factor authentication?
Multi-Factor authentication adds a second layer of protection during the login process. Currently your Wheaton access is tied to “something you know” (your password). Multi-Factor authentication adds the second layer of “something you have” (typically your smartphone and absent of that, a USB security key or a Duo Number Generating Token). You most likely already have experienced using Multi-Factor authentication with your Wheaton Google Workspace account and your bank’s web site.
Why are we implementing Multi-Factor authentication?
Times are changing and hackers are finding new and creative ways to acquire user passwords;
they can buy lists of usernames and passwords on the dark web, they can use social engineering
and email phishing tactics to steal passwords, they can use something called “dictionary attacks”
as a brute force method to guess weak passwords. Adding a second form of verification dramatically
decreases the likelihood of your account being compromised.
How often will I need to use Multi-Factor authentication?
For browser based services like insideWheaton and Canvas, Duo will not require Multi-Factor authentication every time you log in if you select the “Trust this browser” option. Once you authenticate and complete Multi-factor authentication you will have the option to select “remember me for 30 days”.
For the next 30 days, Duo will not prompt you to perform Multi-Factor authentication on that device
in that browser unless you clear your browser’s cache. Multi-Factor authentication is browser specific so if you complete Multi-Factor authentication while accessing insideWheaton using the Safari browser it will not exclude you from having to complete Multi-Factor authentication if you then access insideWheaton from the Chrome browser. The exception to the 30 day rule is the FortiClient VPN, it will require that you complete Duo Multi-Factor authentication every time you log in.
What Multi-Factor authentication method should I use?
There are a couple different methods you can use to complete Multi-Factor authentication. They are….
- Use Duo’s “push” technology configured on your mobile phone (our recommended method and it is the only method available if using the FortiClient VPN)
- Use text messaging (the preferred backup method)
- If you do not own a smartphone, use a USB security key that you plug into your computer or use a Duo device called a Number Generating Token
- Receive a voice call at a different telephone number (ex: your office landline)
- One-time bypass codes can be generated by Wheaton’s IT staff as a safety measure
The Duo application method mentioned above is called a “push” notification. A “push” is where a notification is sent to an app on your mobile phone. You can then click “Approve” or “Deny” to allow/decline access to the application you are trying to log into. To get “push” notifications on your mobile phone, first install Duo Mobile found in the App Store (Apple iOS) or in Google Play (Android). Directions are provided below.
What are my support options when setting up Multi-Factor authentication?
- Place a trouble ticket inside the ITSS website located here. When creating a ticket, select “2-Factor Authentication (2FA)” -> “Duo – 2-Factor Authentication”
- Send an email to the ITSS Support staff at firstname.lastname@example.org
Steps for enabling Multi-Factor Authentication
1. To prepare for enabling Multi-Factor Authentication it’s best if you are reading these instructions on a computer and have your mobile phone available to you.
2. On your computer navigate to our community organizing and events page “Engage@Wheaton” and click the “SIGN IN” button on the top right. Enter your Wheaton email address and click “Next”.
Then enter your Wheaton password and click “Log in”
3. Since this is the first time you are logging into a Duo enabled service you will see this welcome screen which kicks off the registration process. Click “Next”.
4. On your mobile phone go to the App Store and search for “Duo Mobile”. Tap “Get” and then click “Install” to download the app.
Do not open the Duo Mobile app on your phone yet, you will be instructed to do so later.
5. On the computer screen you will be asked if you want to install the Duo Device Health app, select “Skip for now”.
6. On your computer you should see the “Select an option” screen. We highly recommend that you select the “Duo Mobile” option, this option sends Duo “push” notifications to the Duo Mobile app on your phone
7. Enter in the mobile phone number where you downloaded the Duo Mobile app and click “Add phone number”.
You will be asked if the phone number you entered is correct, select “Yes, it’s correct”.
8. On the “Confirm ownership” screen select “Send me a passcode”.
9. At this point you already have the Duo Mobile app on your phone (directions above) but the Duo Mobile app has not been tied to your Wheaton account yet. Click “Next” on the following screen.
10. You will be asked to scan a QR code on the computer screen using the Duo Mobile app on your phone. Open up the Duo app and select “Add” and select “QR Code”. Your phone may ask for permission to use the built in camera, select “Allow”. Point your phone’s camera at the QR code on your computer screen and it should detect the QR code and ask you to name this connection. Enter in a name like “Wheaton College” and complete any subsequent prompts on your phone.
11. On the computer screen you will see the following screen, select “Skip for now”
12. You will now see this screen, select “Log in with Duo”.
13. Duo will send a push notification to the Duo Mobile app on your phone (you may need to open the Duo Mobile app to get prompted). Select the green Approve option when it pops up then select “Trust this browser”.
Congratulations! At this pointed you have completed the Duo registration process. When you log into a Wheaton web service and are prompted for Duo Multi-Factor Authentication, remember to open the Duo Mobile app on your phone to complete the login process.