As part of University Technology's 2014 Security Initiatives, we have partnered with Duo Security to offer additional protection to your uLogin account. This new service, known as Two-Factor Authentication, protects your uLogin account by adding a second step to the login process. After entering your uLogin ID and password, you will use either your phone or a device known as a hardware token to confirm your identity. This prevents anyone but you from accessing your account, even if they know your password.
This service is not enabled by default. In order to use Duo Two-Factor Authentication, you must first enroll in the system. If you are not enrolled in the system, you will continue to log in to Drew University web sites using your regular uLogin ID and password.
Am I required to enroll in Duo Two-Factor Authentication?
Drew University will be requiring all faculty, staff, and contractors with uLogin accounts to enroll in the system in order to protect the sensitive University records that employees have access to as part of the course of their work.
Students are not required to be enrolled in the system, although are welcome to do so if they choose. Student Employees may be required to enroll depending on the nature of their work and the electronic records they have access to.
Completing Self-Service Enrollment
It's easy to enroll yourself in Duo Two-Factor Authentication using self-service pages. After logging in, Duo Security will walk you through the steps to enroll one or more phone numbers into the system. We recommend enrolling multiple phones, such as your mobile phone and office landline. If you are enrolling multiple phones, enroll your primary cell phone first. Click here to get started with the process.
To learn more about the enrollment process, read the Enrollment Guide on Duo Security's web site.
What if I do not have a cell phone?
If you do not have a cell phone, you may obtain a Hardware Token from University Technology. Tokens are distributed freely to faculty and staff who need to enroll in the two-factor authentication service. Please come to the University Technology Help Desk with a photo ID to obtain a token.
Using Your Account After Enrollment
Once you have enrolled in Duo Security, you will be required to complete the second step of authentication whenever you see a uLogin form.
Simply enter your uLogin ID and password as usual and Duo will automatically use the Default method to log in. If the first phone you enrolled is a smartphone, Duo will send a push message to that phone and prompt you to approve the login using the Duo Mobile app. If it is not a smartphone, Duo will make a regular telephone call to that number and you be prompted to approve the login by pressing any key on your phone.
Using Duo Security options to select another login method
By clicking the Duo Security link on the uLogin form, you can select another method to use to log in. Click the drop-down to view the available options. The phones you have enrolled are designated Phone 1, Phone 2, and Phone 3 in the order in which you registered them during the enrollment process.
- Defaults - If you do not select any Duo Security options, Duo will automatically use the Default method. If the first phone you registered is a smartphone, Duo will automatically send a Push notification to that phone to approve the login. If the first phone is not a smartphone, Duo will place a telephone call to that number instead.
- Push (recommended) - If you have registered a smartphone and installed the Duo Mobile app, the Push method of authentication is recommended. In this mode, Duo will send a notification to your smartphone. Simply accept the pop-up message on your phone and click Approve to authorize the login request.
- Text - You may use the Text option with any phone capable of receiving text messages. When you select the Text option, Duo will send a set of 10 one-time passcodes to the phone you have selected. After the text message has been sent, you will be returned back to the uLogin form with a login failed message. Once you have the text message, you may use each code in the message to log in once using the Passcode option. Once you have exhausted your 10 passcodes, use the Text option again to get more. Whenever you use the Text option to send passcodes, any previously texted passcodes are invalidated immediately, even if unused.
- Call - When you select the Call option, Duo will place a telephone call to the phone selected. Answer the phone and listen to the voice prompt. Pressing any key on your touch tone phone will approve the login request.
- Passcode - You may obtain a 6-digit one-time login passcode from one of several sources. Simply enter the passcode into the box below the drop-down to log in.
- Using a hardware token - If you have been issued a hardware token, simply press the button to generate a new passcode.
- From a text message - If you have used the Text option to send yourself 10 one-time passcodes, enter a passcode you have not used previously. When you have run out of passcodes, you can use the Text option again to send 10 more.
- Using the Duo Mobile app on your phone - If you have registered your smartphone with Duo, buy you are out of cell coverage and cannot use the normal Push method, you may use the app to generate a passcode. Using your Duo Mobile app, touch the key icon next to the Drew University account to generate a new one-time passcode.
Using Your Device with Duo
Duo supports a wide-variety of different devices for authentication. Select the type of device you are using to learn more:
Syncing Your Drew Email to Your Phone, Tablet, or Other Programs
After enrolling in Duo you will need to take additional steps if you currently synchronize your Drew University email and calendar with your smartphone or tablet, or use other email and calendar software such as Microsoft Outlook, Apple Mail, or Thunderbird. At present, these applications do not support two-factor authentication. Therefore, once you have activated Duo, we generate a new password specifically for use with these services known as your device password. Your device password is automatically managed by the system and will be changed for you every 90 days.
When setting up your phone or tablet to connect to Drew email, please consult our instructions. However, instead of entering your normal uLogin Password, enter your Device Password instead.
Obtaining your Device Password
You may obtain your current Device Password at any time by visiting the self-service enrollment site. For security reasons, you will be prompted to perform two-factor authentication again even if you have already logged into uLogin. Information about your device password is displayed towards the bottom of the page:
We recommend selecting Enable Notifications so that you will receive an email automatically when your device password is about to expire and when it has been changed automatically.
What happens when my device password expires?
When your device password expires, the system will generate a new one for you automatically. If you have selected Enable Notifications, the system will send you an email several days before the device password expires and after it has been changed. Once your device password has changed, your smartphone, tablet, or other email software will stop receiving new messages. Most phones will automatically prompt you for the new password. Simply visit the self-service enrollment site to obtain your new password and enter into your device. Your device should start sending and receiving messages and calendar updates normally.
I am planning to go on a trip. How do I ensure that my phone's email service is not interrupted due to my device password changing?
We cannot extend the 90 day deadline for device password changes. However, you can expire your device password early to ensure uninterrupted service while you are away. Before your trip, simply visit the self-service enrollment site to check when your device password expires. If it will expire during your trip, click Generate a new device password to expire your current password immediately and generate a new one. This new password will not expire for an additional 90 days. Enter the new password into your phone and you will be able to enjoy uninterrupted service while you are away.
Frequently Asked Questions and Common Issues
- Do I still need to change my uLogin password every 180 days after enrolling in this service? No. Duo Two-Factor authentication adds additional verification after every login. For this reason, Drew does not require two-factor users to change their regular uLogin passwords every 180 days. Once you have completed Duo enrollment, the password expiration policy will be removed from your uLogin account automatically.
- My phone has stopped receiving email and calendar updates after enrolling in Duo. What can I do? Once you enroll in Duo any other devices you have connected to your Drew email account, including smartphones and tablets as well as third-party email programs like Outlook, Apple Mail, or Thunderbird, will need to use a special password to connect to your account. This password is known as your device password and will be generated automatically by the system. Learn more about using your device password here.
- Does Duo Security only apply to Drew web sites using uLogin? What about logging into my computer? At present, Duo Security applies to web-based services protected by Drew's uLogin system. Duo authentication is not required for local logins to your computer.
- I've lost my phone. What do I do? Please contact the University Technology Service Center (+1 973-408-HELP) immediately so that we can deactivate that phone as a valid authenticator for your account.
- I need to re-activate Duo Mobile. If you have a new phone and need to reactivate the Duo Mobile app please contact the University Technology Service Center for assistance. If you are still able to log into your Drew account via another phone or token registered to your account, we will be able to send you a new activation link for Duo Mobile. Otherwise, you will need to visit the Help Desk in person with a photo ID to register the new device.
- My hardware token stopped working. Contact the University Technology Service Center if your hardware token has stopped working or you cannot log in using the passcodes it generates.
Your token can get "out of sync" if the button is pressed too many times in a row and the generated passcodes aren't used for login. In some cases this can happen by accident if the token is stored next to other objects in a pocket, backpack, etc. Your administrator will ask you to generate three passcodes in a row and can attempt to resynchronize the token.
- My token is physically damaged or has been lost. If your token has been lost, please contact the Service Center immediately so that it can be deactivated as a valid authenticator for your account. Faculty and staff may obtain new tokens from the Help Desk with a Photo ID. Replacements for damaged or malfunctioning tokens will be provided for free. A $50 charge will apply to replace a missing token.