UC San Diego SearchMenu

Two-Step Login

Two-step login is now in effect for VPN connections and single sign-on sessions for faculty, staff and UC San Diego Health team members.

As of January 30, 2019, two-step login is required for faculty and staff access to key networks and applications. Use the information on this page to get an overview of the program, and refer to the pages in the links in the left-hand column for guides and detailed instructions. 

At the moment, two-step login applies to the following (get specific details from the left-hand navigation):

  • Campus VPN
  • Single sign-on
  • Office 365

Attention UC San Diego Health team members: Due to licensing structures and privacy rules, the UC San Diego and UC San Diego Health instances of Duo function independently of each other. For example, to access systems via the dropdowns above, like Instruction Tools and Research Tools, you’ll need to read the information herein and register your devices on the UC San Diego instance. Learn more at this link about what it’s like to use two-step login at multiple institutions.   

At a Glance:

  • How it works: 
    • Step 1: Enter username and password like normal
    • Step 2: Verify your identity via push notification, phone call, or passcode 
  • Required for: Faculty, staff and UC San Diego Health team members. 
  • Getting started: Click here to register devices for two-step login 
  • Systems activated: VPN connections and single sign-on login (including Business Systems)

    vpn screen shot Business Systems screen shot

Expand all

Two-Step Login: What It Is and Why It's Important

Need for Two-Step Login

Enabling two-step login is the single most important measure UC San Diego can take to protect networks and applications from hackers and other malicious actors.

Login credentials are more valuable than ever and are increasingly easy to compromise. Credentials can be stolen, hacked or even guessed – and you may not even know when someone else is using your account. Two-step login increases account security by preventing anyone but you from accessing your account – even if they know the password.

About Two-Step Login

Two-step login is an added layer of protection for you and the university. Upon entering your credentials, you’ll need to verify your identity through a second step. As you'll read below, the second step can be completed via a free phone app, phone call, entering a passcode or token. 

You’re probably already familiar with two-step login, which is alternately known as two-factor authentication or multi-factor authentication. An example would be when you log in to a site and are then required to enter a code sent via text message, phone call or email.

Using Two-Step Login powered by Duo

UC San Diego has chosen Duo Security to manage the two-step login process. Two-step login kicks in once you've entered your username and password as normal. Duo's technology facilitates the second step of the login process. 

UC San Diego Health, UCLA, UC Berkeley, Indiana University, Stanford and other major universities use Duo for their two-step login needs. 

And, before you ask...you won't need to establish a new username or password to use two-step login and Duo, nor will you have to change any existing passwords.

How It Works: Second Step via Push Notification, Phone Call or Passcode

How Two-Step Works: You've Got Options

Duo provides multiple options to complete the second step to confirm your identity:    

Duo Push 

Receive a push notification (or pop up) message straight to your phone or tablet. Tap the green Approve button and you're logged in! This works on iPhone and iPad, Android devices and Windows phones. You can use a personal or university-issued cell phone. 

Top tip: Before initiating a push notification, make sure your device is close at hand and unlocked!

Note that using a personal cellphone is by no means required. Read on for other options!

Business Systems Sign On screen shot
Step 1: Enter login and password like normal


push notification screen shot
Step 2: Tap Approve and you're in!


Phone Call

Receive an automated phone call to your cellphone, office line or home phone. Tap or push any number and you're in (if using office line, be sure to activate tones if necessary). Note that when you register a cellphone for push notifications, it is also registered to receive calls for two-step login. 

You can also use a cellphone - personal or university-issued - to take calls without having to install the app. During the device registration process, just choose Landline (but enter your cell number). 


Enter a passcode code, which can be generated in multiple ways:

  • The Duo app automatically generates anytime-use passcodes; see image below for example.
  • You can also request a token from the Service Desk at servicedesk@ucsd.edu or 858-246-4357.
  • Text yourself 10 single-use passcodes.
passcode token


Systems Activated: VPN Connections and Single Sign-on Logins

Availability: VPN Connections and Single Sign-On Logins

Two-step login is available now! Upon registering a device, you can immediately start using it for VPN connections and single sign-on (SSO) logins. Other systems and applications will be added at future dates. 

Required as of January 30, 2019

Starting January 30, 2019, two-step login became required for faculty, staff and UC San Diego Health personnel use of:


For VPN connections, you'll need to select a 2-Step Secured group when connecting. Learn how to connect to VPN via two-step login.


Over 600 key applications are accessed via single sign-on. Read more on SSO and how two-step login will work. Detailed information, including a visual aid, is available here

Remember for 7 Days

You can tell Duo to remember your computer for seven days. Therefore, you'll only need to complete the two-step login procedure once a week or so. Note that this applies per machine. For example, if you set your work computer to remember for seven days, you'll still have to complete two-step login if you use your home computer later that day. 

This is not recommended for use on public or shared computers. 

Start Using: Register a Device

See How Easy It Is to Register a Cellphone for Two-Step Login

You'll be up and running in a matter of minutes. Watch the video to see how easy it is!

When ready, view step-by-step instructions for registering your cellphone for two-step login. 


Best Practices: Have a Backup Plan

Recommended: Push Notification as Primary, and at Least One Backup 

When you sign up to use two-step login, you can select multiple verification methods. 

Receiving push notifications through the Duo app is the recommended primary method of setting up your two-step login. It offers the simplest, most direct method to log in: Enter your username and password as usual, tap the Approve button on your phone, and you’re in. No waiting for a call or text, no having to type in a secondary code.

It is also highly recommended to set a backup method. You can 

  • Register a backup cellphone, office line or home phone
  • Install the Duo app on a tablet and register it for Duo Push
  • Text yourself 10 single-use passcodes

Note that you'll want to register your backup methods right away. To register an alternate method, you'll first have to verify your identity using an existing two-step method. In other words, if you forget your cellphone or it's out of battery, you'll need to have already registered a different device or have saved single-use codes somewhere. 

Get step-by-step instructions on registering backup devices and setting preferences  or learn how to text yourself 10 single-use passcodes.

Other Topics: While Traveling, No Wifi or Cell Service

If you're traveling or otherwise don't have a wifi or cell Internet connection for your mobile phone, or no access to a landline, you've got options! 

  • The Duo app generates on-demand verification codes even without Internet connectivity (see image below).
  • You can text yourself 10 single-use passcodes.
  • Request a token from the Service Desk servicedesk@ucsd.edu or 858-246-4357.
passcode screenshot token


Expand all