As part of University Technology's 2014 Security Initiatives, we have partnered with Duo Security to offer additional protection to your uLogin account. This service, known as Two-Factor Authentication, protects your uLogin account by adding a second step to the login process. After entering your uLogin ID and password, you will use either your phone or a device known as a hardware token to confirm your identity. This prevents anyone but you from accessing your account, even if they know your password.
Am I required to enroll in Duo Two-Factor Authentication?
Drew University requires all faculty, staff, and contractors with uLogin accounts to enroll in the system in order to protect the sensitive University records that employees have access to as part of the course of their work. Please review the Responsible Use of University Data Policy for more information.
Students are not required to be enrolled in the system, although are welcome to do so if they choose. Student Employees may be required to enroll depending on the nature of their work and the electronic records they have access to.
What is the schedule for mandatory faculty and staff enrollment?
New employees and contractors must enroll in the system within two weeks after their official start date at Drew.
Those not enrolled in the system within that amount of time will have their uLogin accounts disabled. If this applies to you, please contact the UT Service Center at 973-408-4357 to discuss your options.
Completing Self-Service Enrollment
It's easy to enroll yourself in Duo Two-Factor Authentication using our self-service pages. After logging in, Duo Security will walk you through the steps to enroll one or more phone numbers into the system. We recommend enrolling multiple phones, such as your mobile phone and office landline. If you are enrolling multiple phones, enroll your primary cell phone first. Go to the self-service enrollment site (drew.edu/duo) to get started with the process or learn more about the multiple methods Duo supports for logging in.
To learn more about the enrollment process, read the Enrollment Guide on Duo Security's web site.
Please keep in mind that, when enrolling devices/landlines yourself, you will need to have the first one at hand to verify ownership. Also, pay attention to the order in which you add phone numbers, as this will affect how you log in later.
What if I do not have a cell phone?
No phone? No problem. Duo supports multiple methods for logging in. If you do not have a cell phone, you may obtain a YubiKey or Classic Hardware Token from University Technology. Tokens are distributed freely to faculty and staff who need to enroll in the two-factor authentication service. Please come to the University Technology Helpdesk with a photo ID to obtain a token. Please note that replacements for damaged or malfunctioning tokens will be provided for free. A $50 charge will apply to replace a missing token.
Using Your Account After Enrollment
Once you have enrolled in Duo Security, you will be required to complete the second step of authentication whenever you see a uLogin form. You can log in from any computer but you will need to approve the login using one of the phones (or hardware token) devices that you have enrolled in the system.
Simply enter your uLogin ID and password as usual and Duo will automatically use the Default method to log in. If you have enrolled a smartphone, Duo will send a Push message to the first smartphone listed and prompt you to approve the login using the Duo Mobile app. If you do not have any smartphones on your account, Duo will make a regular telephone call to the first number and you will be prompted to approve the login by pressing any key on your phone.
Using Duo Security options to select another login method
By clicking the Duo Security link on the uLogin form, you can select another method to use to log in. Click the drop-down to view the available options. The phones you have enrolled are designated Phone 1, Phone 2, and Phone 3 in the order in which you registered them during the enrollment process.
Please note: To use these alternate methods, you should still enter your username and password, but do not hit Enter after typing your password!
Getting "Locked Out"
If you attempt, and fail, to log in to your account ten times in a row, you will be locked out of your account. This safety measure is put in place to protect your account (and the data you have access to) from someone who has stolen your password.
A ticket will be logged automatically once you are locked out.
In order to unlock your account, your identity will need to be verified. This can be done in person, at the Helpdesk, with a photo ID, or over the phone with an alternate email address already on file with the University. Alternatively, you can designate an Authorized Proxy to vouch for you (see "Authorized Proxy", in the FAQ). Either way, you will need to have a conversation with a Duo admin (see below) regarding why you were locked out.
Using Your Device with Duo
Syncing Your Drew Email to Your Phone, Tablet, or Other Programs
Please refer to our instructions for Connecting Your Mobile Devices to Google Apps or How to Set Up Your Drew Gmail Account in an Email Client for more information on initial set up with these programs.
For applications that do not support two-factor authentication, you will need to use a new password generated specifically for use with these services known as your device password. You can read more about Device Passwords here.
Many questions are answered at the Duo Security Support Issues page here in U-KNOW.