UC San Diego SearchMenu

Two-Step Login

Learn about two-step login at UC San Diego.

IT Services is pleased to announce the availability of two-step login procedures for faculty and staff access to key networks and applications. Use the information on this page to get an overview of the program, and refer to the pages in the links in the left-hand column for guides and detailed instructions. 

At a Glance:

  • How it works: 
    • Step 1: Enter username and password like normal
    • Step 2: Verify your identity via push notification, phone call, or passcode 
  • Available for: Faculty and staff. Voluntary through 2018; required mid-January 2019.
  • Getting started: Register devices for two-step login (must be on a campus network or connected via VPN)
  • Systems activated: VPN connections and single sign-on login (including Business Systems)
    vpn screen shot Business Systems screen shot

Expand all

Two-Step Login: What It Is and Why It's Important

Need for Two-Step Login

Enabling two-step login is the single most important measure UC San Diego can take to protect networks and applications from hackers and other malicious actors.

Login credentials are more valuable than ever and are increasingly easy to compromise. Credentials can be stolen, hacked or even guessed – and you may not even know when someone else is using your account. Two-step login increases account security by preventing anyone but you from accessing your account – even if they know the password.

About Two-Step Login

Two-step login is an added layer of protection for you and the university. Upon entering your credentials, you’ll need to verify your identity through a second step. As you'll read below, the second step can be completed via a free phone app, phone call, entering a passcode or token. 

You’re probably already familiar with two-step login, which is alternately known as two-factor authentication or multi-factor authentication. An example would be when you log in to a site and are then required to enter a code sent via text message, phone call or email.

Using Two-Step Login powered by Duo

UC San Diego has chosen Duo Security to manage the two-step login process. Two-step login kicks in once you've entered your username and password as normal. Duo's technology facilitates the second step of the login process. 

UC San Diego Health, UCLA, UC Berkeley, Indiana University, Stanford and other major universities use Duo for their two-step login needs. 

And, before you ask...you won't need to establish a new username or password to use two-step login and Duo, nor will you have to change any existing passwords.

How It Works: Second Step via Push Notification, Phone Call or Passcode

How Two-Step Works: You've Got Options

Duo provides multiple options to complete the second step to confirm your identity:    

Duo Push 

Receive a push notification (or pop up) message straight to your phone or tablet. Tap the green Approve button and you're logged in! This works on iPhone and iPad, Android devices and Windows phones. You can use a personal or university-issued cell phone. 

Business Systems Sign On screen shot
Step 1: Enter login and password like normal

 

push notification screen shot
Step 2: Tap Approve and you're in!

 

Phone Call

Receive an automated phone call to your cellphone, office line or home phone. Tap or push any number and you're in (if using office line, be sure to activate tones if necessary). Note that when you register a cellphone for push notifications, it is also registered to receive calls for two-step login. 

You can also use a cellphone - personal or university-issued - to take calls without having to install the app. During the device registration process, just choose Landline (but enter your cell number). 

Passcode 

Enter a passcode code, which can be generated in multple ways:

  • The Duo app automatically generates anytime-use passcodes; see image below for example.
  • You can also request a token from the Service Desk at servicedesk@ucsd.edu or 858-246-4357.
  • Text yourself 10 single-use passcodes.
passcode token

 

Systems Activated: VPN Connections and Single Sign-on Logins

Availability: VPN Connections and Single Sign-On Logins

Two-step login is available now! Upon registering a device, you can immediately start using it for VPN connections and single sign-on (SSO) logins. Other systems and applications will be added at future dates. 

Voluntary Now; Required in January 2019

Staff and faculty use is voluntary but encouraged starting immediately. By mid-January 2019, two-step login will be required.

VPN

For VPN connections, you'll need to select a 2-Step Secured group when connecting. Learn how to connect to VPN via two-step login.

SSO

Over 600 key applications are accessed via single sign-on. Read more on SSO and how two-step login will work. Detailed information, including a visual aid, is available here

Remember for 7 Days

You can tell Duo to remember your computer for seven days. Therefore, you'll only need to complete the two-step login procedure once a week or so. Note that this applies per machine. For example, if you set your work computer to remember for seven days, you'll still have to complete two-step login if you use your home computer later that day. 

This is not recommended for use on public or shared computers. 

Bypass During Optional Phase
During the optional period through December 2018, use of two-step login is optional. If you don't have your authentication device handy or you're just in a hurry, you can bypass two-step login. 
 

 

 

Start Using: Register a Device

See How Easy It Is to Register Your Cellphone for Two-Step Login

You'll be up and running in a matter of minutes. Watch the video to see how easy it is!

When ready, view step-by-step instructions for registering your cellphone for two-step login. 

 

Best Practices: Have a Backup Plan

Recommended: Push Notification as Primary, and at Least One Backup 

When you sign up to use two-step login, you can select multiple verification methods. 

Receiving push notifications through the Duo app is the recommended primary method of setting up your two-step login. It offers the simplest, most direct method to log in: Enter your username and password as usual, tap the Approve button on your phone, and you’re in. No waiting for a call or text, no having to type in a secondary code.

It is also highly recommended to set a backup method. You can 

  • Register a backup cellphone, office line or home phone
  • Install the Duo app on a tablet and register it for Duo Push
  • Text yourself 10 single-use passcodes

Note that you'll want to register your backup methods right away. To register an alternate method, you'll first have to verify your identity using an existing two-step method. In other words, if you forget your cellphone or it's out of battery, you'll need to have already registered a different device or have saved single-use codes somewhere. 

Get step-by-step instructions on registering backup devices and setting preferences  or learn how to text yourself 10 single-use passcodes.

Other Topics: While Traveling, No Wifi or Cell Service

If you're traveling or otherwise don't have a wifi or cell Internet connection for your mobile phone, or no access to a landline, you've got options! 

  • The Duo app generates on-demand verification codes even without Internet connectivity (see image below).
  • You can text yourself 10 single-use passcodes.
  • Request a token from the Service Desk servicedesk@ucsd.edu or 858-246-4357.
passcode screenshot token

 

Expand all