Starting in the Winter of 2022, the Wheaton IT Department will continue our focus on cybersecurity by rolling out Duo Multi-Factor authentication. This additional layer of security is very similar to Google’s Two Step verification. As you know, Google’s Two Step verification protects your Google Workspace account. Duo Multi-Factor authentication will protect other college information tied to your wID – For example: insideWheaton, onCourse, and the VPN.
On this page
- What is Multi-Factor authentication?
- Why are we implementing Multi-Factor authentication?
- How often will I need to use Multi-Factor authentication?
- What Multi-Factor authentication method should I use?
- What are my support options when setting up Multi-Factor authentication?
- Steps for enabling Multi-Factor Authentication
What is Multi-Factor authentication?
Multi-Factor authentication adds a second layer of protection during the login process. Currently your wID login is tied to “something you know” (your password). Multi-Factor authentication adds the second layer of “something you have” (typically your smartphone and absent of that, a USB security key or a Duo Number Generating Token). You most likely already have experienced using Multi-Factor authentication with your Wheaton Google Workspace account and your bank’s web site.
Why are we implementing Multi-Factor authentication?
Times are changing and hackers are finding new and creative ways to acquire user passwords;
they can buy lists of usernames and passwords on the dark web, they can use social engineering
and email phishing tactics to steal passwords, they can use something called “dictionary attacks”
as a brute force method to guess weak passwords. Adding a second form of verification dramatically
decreases the likelihood of your account being compromised.
How often will I need to use Multi-Factor authentication?
For browser based services like insideWheaton and OnCourse, Duo will not require Multi-Factor authentication every time you log in. Once you authenticate and complete Multi-factor authentication you will have the option to select “remember me for 30 days”.
For the next 30 days, Duo will not prompt you to perform Multi-Factor authentication on that device
in that browser unless you clear your browser’s cache. Multi-Factor authentication is browser specific so if you complete Multi-Factor authentication while accessing insideWheaton using the Safari browser it will not exclude you from having to complete Multi-Factor authentication if you then access insideWheaton from the Chrome browser. The exception to the 30 day rule is the FortiClient VPN, it will require that you complete Duo Multi-Factor authentication every time you log in.
What Multi-Factor authentication method should I use?
There are a couple different methods you can use to complete Multi-Factor authentication. They are….
- Use Duo’s “push” technology configured on your mobile phone (our recommended method and it is the only method available if using the FortiClient VPN)
- Use text messaging (the preferred backup method)
- If you do not own a smartphone, use a USB security key that you plug into your computer or use a Duo device called a Number Generating Token
- Receive a voice call at a different telephone number (ex: your office landline)
- One-time bypass codes can be generated by Wheaton’s IT staff as a safety measure
The Duo application method mentioned above is called a “push” notification. A “push” is where a notification is sent to an app on your mobile phone. You can then click “Approve” or “Deny” to allow/decline access to the application you are trying to log into. To get “push” notifications on your mobile phone, first install Duo Mobile found in the App Store (Apple iOS) or in Google Play (Android). Directions are provided below.
What are my support options when setting up Multi-Factor authentication?
- Place a trouble ticket inside the ITSS website located here. When creating a ticket, select “2-Factor Authentication (2FA)” -> “Duo – 2-Factor Authentication”
- Send an email to the ITSS Support staff at email@example.com
Steps for enabling Multi-Factor Authentication
1. To prepare for enabling Multi-Factor Authentication it’s best if you are reading these instructions on a computer and have your mobile phone available to you.
2. On your computer navigate to our course management system OnCourse. Enter your wID and password and click the LOGIN button
3. Click Start setup.
4. Choose the type of device you are adding and click continue.
5. If registering a cell phone, enter the number, tick the box to verify and click continue.
6. Select the type of smart phone you have from the list and click continue.
7. On your smart phone go to the App Store and search for “Duo Mobile”. Tap “Get” and then “Install” to download the app.
8. On your smart phone navigate to the Duo Mobile app and launch the app. Start the process of adding your Wheaton account in the Duo Mobile app by click “Continue” on the welcome screen.
9. Choose “Use a QR code” on this screen. This will open the camera app on your phone and you may have to “allow” this action.
10. On your computer choose the option “I have Duo Mobile installed”.
11. A QR Code will be displayed on your computer and you should use your smart phone to scan this QR Code. DO NOT scan the QR Code on this documentation, scan the QR Code on your computer.
12. The Duo Mobile app on your smart phone will now prompt you to name your account and will then tell you that your account is linked. It will also prompt you to turn on notifications for the app. It will also give you an option to practice using the Duo Mobile app.
13. On your computer you should now see a green check mark over the QR Code. Click continue on this screen.
14. Select “Ask me to choose an authentication method” from the pull down menu in the middle of the box. Then click “Continue to Login”.
15. Duo Mobile is now installed, you can click
“Send me a Push”, otherwise select “Call Me” or “Enter a Passcode” where you
can have Duo text you a passcode.
16. A push notification will pop up on your phone where you can tap “Approve” to complete your login.
**note** If using the “push” notification make sure “Allow Notifications” is enabled on your smartphone