FAQ
Two-factor authentication is a security measure designed to ensure that you, and only you, are using your Ingalls AD (username) and password to access Ingalls frequently used online services, systems, and resources. Authentication simply means that you have to prove in some way that you are who you claim to be when accessing an online service that is protected by 2FA. When 2FA is enabled, you will provide two forms of proof to gain access, your Ingalls AD and password (first factor) and an authentication code (second factor). Currently, the University uses Duo to manage the two-factor authentication process.
Note: Beginning Fall 2019, all Ingalls users are required to enroll in 2FA.
-
Select Settings from the home screen of your iPhone.
-
Select Notification Center. Scroll until you find Duo Mobile.
-
Select Duo Mobile and select Allow Notifications.
- Choose the Alert Style you prefer: Temporary or Persistent. Temporary alerts will appear on your screen and go away and persistent alerts will remain on your screen until you act upon them.
With the Duo mobile security app, you can generate passcodes that allow you to use the UChicago Medicine Ingalls Memorial two-factor authentication (2FA) service. These codes can be used in cases where you do not have your cell phone or landline to help you gain login approval to websites that use Shibboleth. For example, you may find passcodes most useful when traveling abroad in remote areas with intermittent cell reception or while on an airplane.
There are three ways to generate passcodes:
-
Use your cellphone to generate passcodes from the
Duo Mobile app. To use, simply open the app and press the gray
icon in the upper right-hand side of the app for iOS and
Android (pointed by the red arrow in the image below) or the
Generate Passcode button on Microsoft OS devices. A
six-digit numeric code is generated that can be entered when a UChicago
site requests 2FA. This feature does not use any data services and can
be used with or without internet access. It can be used as many times as
required.
-
Use the Text Passcodes service. To use this service, log on to the Go to the Two-factor Authentication.
Navigate to the Manage Devices section, and find your
device. Click on Text Passcodes. A list of 10
one-time-use passcodes will be sent to your device via text. Next, write
down or print the codes if you do not think you will have access to your
device. Because these codes are single use, it is important to keep
track of which codes you have already used. Be sure to keep this list in
a secure location. Even if the passcodes are lost, your account is still
protected by your password.
Note: This service does require data usage when initially retrieving the passcode list, but once you have the list, a mobile device is not required.
- Use the Print One-Time Passcodes service. To use this service, log on to the Go to the Two-factor Authentication. Navigate to the Manage Devices section. Click on Print One-Time Passcodes. A list of 10 one-time-use passcodes will be generated onscreen as a wallet size printable list. Because these codes are single use, it is important to keep track of which codes you have already used. Be sure to keep this list in a secure location. Even if the passcodes are lost, your account is still protected by your password.
Requiring 2FA is important part of ongoing efforts to secure the online identity and personal information of all faculty, students, and staff, as well as protect the University's research, intellectual property, and institutional data.
No. You will only be prompted to use 2FA when logging in to Citrix, RDP, VPN or OWA(Webmail) protected by 2FA.
How do I add a new device?
Visit the Two-Factor Authentication website, click on the Go to Two-Factor box and then select Register a Device in the left column. There you can register your new cell phone, tablet, or landline.
How do I activate 2FA on my new cell phone?
Depending on your situation, you can activate 2FA on your new device using one of the following methods:
I am replacing my cell phone, but not changing operating systems or phone numbers.
- Go to the Two-factor Authentication website and click Go to Two-Factor (Register and Manage Devices) from the left panel.
- Log in and find your phone number in the list of registered devices. Select Re-Activate next to your phone number.
- A prompt will ask you to download the Duo app from the App Store or Google Play. If you have already downloaded the app, select the checkbox at the bottom of the page.
- Launch the app on your device. Use the in-app camera to scan the barcode that appears on your computer monitor.
I am getting a new device with either a different operating system or a different phone number than my old device.
- Go to the Two-factor Authentication website, click the Go to Two-Factor button, then click on Manage Devices on the left panel.
- Click Remove to remove your old device from 2FA.
- Add your new device as if you were adding a device for the first time.
What if I lose my phone?
Contact Support immediately if you lose your phone or suspect that it has been stolen. The support person will disable 2FA and help you log on using another phone or device. While it's important that you contact IT Services if you lose your phone, remember that your password will still protect your account.
Can I use multiple devices with 2FA?
Yes. UCM IT Services recommends that you register at least two devices to ensure uninterrupted service if you not have access to one of your registered devices when logging in to a protected website or service. You may register a mobile phone, landline, tablet, and token.
How do I re-enable push notifications for Duo on my iPhone?
To re-enable push notifications on your iPhone if they have been disabled, go into Settings on youriPhone and select Notifications. From there, you can re-enable push notifications for the application.
How do 2FA text passcodes work?
You may choose to have a set of 10 passcodes sent to your registered smartphone from the Manage Devices screen from the Two-Factor Authentication website. Simply find your smartphone from the list of your registered phones and click Text Passcodes. A list of 10 one-time-use passcodes will be sent to your phone via text. To use a one-time passcode, click Passcode at the Duo Prompt screen and click Login to continue. It is important that you keep track of which codes you use because each passcode will be invalidated after you one use. You can print out the list of passcodes to keep in a secure location for your use any time you don't have access to your regular devices. For more detailed instructions.
Can I use Duo without incurring any data or text messaging costs?
Yes. After selecting the Duo app on your smartphone, tap the Duo key icon in the upper right corner of the screen to generate a passcode. Generating passcodes does not send any kind of message, use data, or incur any data or text messaging costs. You can generate passcodes even when you are not connected to a network.
Can I still use 2FA if I don't have reliable cellular network access on my phone?
Yes. You can click the key icon on the upper right side of the screen in Duo on iOS and Android devices, or the Generate Passcode button on Microsoft OS devices to generate a numeric passcode that you can use even if your phone does not have any network connection. As an alternative, you can use the 2FA text passcodes feature.