Enhanced 2-Factor Authentication

To improve security of personal data and university systems, Virginia Tech is upgrading our Duo 2-Factor Authentication service for all members of the university community. This upgrade is called "enhanced 2-factor authentication." 

What is changing and why? 

• Authentication through the Duo mobile app will require you to enter a 3-digit code to verify that the person logging in is really you! This quick step greatly reduces the risk of accidentally approving a fradulent push notification. 
• Less-secure methods of authentication, including verification by telephone call and SMS/text message, will be phased out. These methods are easy to spoof or intercept. In comparison, the updated process in the app and token authentication methods are far more secure.

Currently registered Voice call and SMS/text verification devices will continue to work for now, but these options will be discontinued in the near future.

If you use one of these options currently, we strongly recommend that you go ahead and enable the Duo Mobile App or enroll a hardware or software token, and transition away from using the text or voice methods. 

What to do

EVERYONE - print your One Time Passcodes! If you ever need to log in without your phone (and don't use a token), using one of these codes will allow you to log in without calling 4Help IT Support first. These ten codes only expire when you use them, so it's a great backup strategy to have on hand.

Do this even if you're already using the Duo Mobile App or a token, as the codes are the best backup you have if you lose your phone or token.

• Visit https://accounts.it.vt.edu
• Select '2-Factor' in the menu.
• Scroll to One Time Passcodes and click 'Generate Passcodes.'
• Click 'Generate.'
• Save these codes electronically or on paper in a secure location, or in a password manager.
• Consider that since the most likely reason you'd need these is that your phone is dead or unavailable, you need to have access to the passcodes in a way that won't require your phone.

Also, do the following:

• Set up an additional authentication option — this can be adding Duo Mobile to a second phone, having Duo Mobile on your phone + a Yubikey, etc. This way you won't be locked out if your phone breaks, you lose your hardware token, etc.
• If you currently use voice call or text/SMS as your primary verification method: take steps to enable the Duo Mobile app or enroll a hardware or software token so that you are already set for the change and using a more secure login method. 

Where to get more information

The 4Help Knowledge Base contains detailed instructions on using enhanced 2-factor authentication. These articles in particular should be helpful: 

• Duo 2-Factor Authentication - General Setup and Use (all the basics you need are here)
• Frequently Asked Questions about Duo 2-Factor Authentication (useful for troubleshooting and more advanced questions)

If you still need help after consulting the articles above, you can call 4Help at 540-231-4357 to speak with an agent, or file a ticket online at 4help.vt.edu.